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DHS Faces Security, 
Leadership Hurdles 


Private-sector IT 
execs see diminished 


cybersecurity role 

BY DAN VERTON 

WASHINGTON 

This Friday marks the end of 
the 30-day period in which 
the U.S. Department of 
Homeland Security hoped it 
would hire a leader for its 
cybersecurity division. But 
there are serious doubts 
about whether the DHS will 
be able to hire the right per- 
son this week or even in the 
foreseeable future. 

According to the former 
top cybersecurity adviser to 
the president, a high-level 
source in the DHS and IT 
industry executives, many 
of the most qualified candi- 
dates have been turned off 
by what they perceive as 
the administration’s sur- 
prising change of heart on 
cybersecurity. 

“The elimination of the 
presidential position [of cy- 
bersecurity adviser] sent a 

Cybersecurity, page 12 
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Had little choice but to 
sign Microsoft deal, 
despite security flaws 
BY DAN VERTON 

The fact that the U.S. De- 
partment of Homeland 
Security awarded Microsoft 
Corp. a $90 million enter- 
prise software deal two days 
after Bill Gates met with 
DHS Secretary Tom Ridge 
in Washington is more than 
sheer coincidence. 

It’s now a major security 
headache for a mammoth 
new agency that security 
experts say lacks the where- 
withal to have considered 

Microsoft Deal, page 12 


BY JAIKUMAR VIJAYAN 
Users last week reacted 
with a mixture of con- 
cern and resignation to 
the discovery of a criti- 
cal flaw in almost all 
versions of Microsoft 
Corp.’s Windows soft- 
ware, including the Win- 
dows Server 2003 oper- 
ating system. 

The vulnerability ex- 
ists in a communication 

Windows Flaw, page 12 





| being forced to Unix 
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| pha “funeral,” 
| marked the company’s transi- 
| tion to Hewlett-Packard Co.’s 
| HP-UX version of Unix run- 

| ning on its Superdome server. 





Project management offices aren’t doing their jobs, report'says. 
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| Sun and IBM eager 


to attract HP users 


| BY PATRICK THIBODEAU 


The IT staff at Best Western 


| International Inc. last week 

| wheeled an Alpha server that 
| had run the venerable Tru64 
| Unix operating system into 

| aconference room. Over a 

| chicken parmigiana lunch, 

| they bade it goodbye. 


Jerry Skaare, director of ar- 


| chitecture at the Phoenix- 


based hotel chain, said the Al- 
as he cailed it, 


Every user of the Tru64 
Unix operating system and Al- 
pha chips will eventually have 


| to migrate, since HP is phas- 


| usual ROI techniques 





| Building a case will 
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Even in the economic doldrums, ClOs are plan- 
ning for better days. We asked a half-dozen ClOs 
- who are bursting with pent-up IT initiatives - 
what their first investments will be when the 
economy picks up. Page 37 


Mitsubishi Motor Sales CIO Tony Romero has used the lull to develop a 
four-year IT road map “so when things get better, we're ready to go.” 


‘Rivals of HP Court Tru64 Users | 


ing them out in favor of HP- 

UX and Intel Corp.’s Itanium 

processor. And the company’s 

rivals see that as an open door. | 
Sun Microsystems Inc. last | 

week detailed a plan, called 

“HP Away,” to woo HP users 

to its Solaris-on-Sparc plat- 

form. Larry Singer, Sun’s chief | 

Tru64, page 53 | 


‘IT Security Short on Funding 


| Ernst & Young International. 
| Anda majority of the com- 
| panies surveyed said they 
| rarely or never calculate re- 
| turn on investment when 
| building a case for informa- 
| tion security budgets. 
“Return on investment ap- 
| pears to have fallen out of fa- 
vor as a measure of the effec- 
| tiveness of information securi- 
IT Security, page 53 


require alternative to 


BY JAIKUMAR VIJAYAN 
Inadequate funding remains 
the single largest obstacle to 
implementing effective IT se- 
curity measures at most com- 
panies, according to a recent 
global survey conducted by 
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Manages storage resources to meet changing demand. On demand. 
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their lifetime value and achieve greater competitive 
advantage. To find out how leading companies are 
reaping the rewards of SAS customer intelligence 


software, call 1 866 270 5723 or visit our Web site. 
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EMERGING TECHNOLOGIES 
1/0 Moves Into the Express Lane 


in the Technology section: PCI Express stands ready 
to open Peripheral Component Interconnect bus 
bottlenecks, but most users don’t yet have a need 
for the technology. Page 23 
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Consolidation projects are 
boosting demand for high-end 
products in the sluggish serv- 
er market. 


Senate votes to kill funding 
for TIA, the antiterrorism 
data-mining program. 


Project management offices 
are too bogged down by ad- 
ministrative tasks to do their 
job effectively. 


EMC introduces a remote 
storage metering device. 


P2P file sharing on corporate 
networks is becoming more 
widespread than many com- 
panies realize. 


CA claims its Sonar technol- 
ogy will allow IT managers to 
more efficiently exploit exist- 
ing resources. 


IBM and Cisco sign a deal to 
install 8,000 multiprotocol 
switches at AXA Group. 


Corporations still appear to 
be unwilling to make the orga- 
nizational changes necessary 
to improve security. 


Amerisure Insurance uses 
Compuware tools to test a 
multimillion-dollar insurance 
policy processing system. 


Videoconferencing vendors 
try to rekindle the market 
with new products. 


Q&A: Lotus 1-2-3 creator 
Mitch Kapor discusses Lin- 
ux’s impact on corporate 
computing. 


- TECHNOLOGY 


30 Case Study: Boehringer Cures 
Slow Reporting. The pharma- 
ceutical company turns to an 
SAP/Cognos system to speed 
its financial reports. 


Plugging Storage Security 
Holes. Users and experts give 
advice on how to secure SAN 
and NAS systems. 


32 Future Watch: TV for the 21st 
Century. Public Broadcasting 
Service is adopting supply 
chain concepts and open IT 
standards, promising to fun- 
damentally change TV broad- 
casting. 


34 Security Manager’s Journal: 
Arrogance Undermines Best 
Antivirus Defense. Inatten- 
tion and complacency allow 
Vince Tuesday’s layered an- 
tivirus defense to atrophy — 
and a virus gets through the 
corporate defenses. 


MANAGEMENT 


37 Ready, Set. . . Here’s a look 
at types of projects that CIOs 
will spend their IT dollars on 
when the economy improves. 


40 Thrift Thrives on Low Tech. 
Washington Federal Savings 
and Loan is doing just fine 
with its typewriters and low- 
tech approach. 


42 Q&A: Don’t Kid Yourself. IT 
managers need to be more re- 
alistic about project planning, 
says Dan Lovallo, who wrote 
an article about the subject in 
this month’s Harvard Business 
Review. 


OZ2103 


Open for Inspection 

In the Management section: Thanks to the new 
Web site of New York’s Department of Buildings, 
architects and engineers no longer have to wait 
hours in line to get crucial information to work on 
the city's 900,000 buildings. Page 39 





OPINIONS 


8 On the Mark: Mark Hall says 
spam has outfoxed the simple 
solutions, so vendors are of- 
fering more complex tools to 
weed out unwanted e-mail. 


20 Patricia Keefe wants the De- 
partment of Homeland Securi- 
ty to spend less time babbling 
about its “business approach” 
to fighting terrorism and 
more time educating CEOs 
about the IT security crisis. 


20 Pimm Fox notes that efforts to 
defend our nation’s infra- 
structure will help drive the 
digital economy. 


Greg Papadopoulos, Sun’s 
CTO, predicts that something 
called “bitmass” will change 
the texture of our world. 


36 Nicholas Petreley says CPU 
standards are needed to maxi- 
mize computing performance. 


44 Bart Perkins points out that 
Oracle’s hostile bid for People- 
Soft underscores the need for 
CIOs to protect their own in- 
terests in software contracts. 


54 Frankly Speaking: Frank 
Hayes says CEOs who used 
to clip IT ideas from business 
publications are smarter now 
— and IT managers should 
be smarter about how they 
respond to their ideas. 
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How to Take the 
Offense on Identity Theft 


SECURITY: Jeff Drake, director of security 
strategy at Tivoli Software, offers practical 
advice on how organizations can keep em- 
ployee and customer data safe from mali- 
cious hackers. @ QuickLink 39094 


Inside the Hacker’s 

Toolbox, Part 2 

MOBILE/WIRELESS: This week’s installment 
from AirDefense’s Brian Moran looks at 
hacker tools and what they can do to your 
wireless LAN. @ QuickLink 39930 


Using Web Analytics 

WEB SITE MANAGEMENT: Find out how (and 
how not) to measure the success of your Web 
site investment. @ QuickLink 39648 


Museum's SAN Takes 

On a Mammoth Task 

STORAGE: A 14.4TB SAN at the American 
Museum of Natural History provides backup 
and data management for 32 million objects 
and the work of 200 scientists. 

© QuickLink 39870 


Wireless West Point 
MOBILE/WIRELESS: Col. Donald J. Welch ex- 
plains the choices West Point made as it built 
its high-bandwidth, high-traffic wireless 
LAN. @ QuickLink 39967 


ONLINE 
DEPARTMENTS 
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© QuickLink 21510 
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PeopleSoft Closes 
J.D. Edwards Deal 


PeopleSoft Inc. on July 18 an- 
nounced the completion of its 
buyout of business applications 
rival J.D. Edwards & Co., having 
acquired 110 million shares, or 
88%, of J.D. Edwards’ stock. 
Separately, Oracle Corp., which 
has made a hostile bid for People- 
Soft, confirmed that its chief mar- 
keting officer, Mark Jarvis, re- 
signed. For full coverage, go to 
QuickLink a3320 on our Web site. 


Orbitz: Oracle to 
Blame for Outage 


Orbitz LLC, the airline-owned 
travel Web site, said an outage on 
July 16 was related to an Oracle 
database. Orbitz spokeswoman 
Carol Jouzaitis said it was the 
most severe outage to hit the site 
since it was launched about two 


years ago. Jouzaitis said that as a | 


result, Orbitz is no longer using 
Oracle’s 9i Real Application Clus- 


ters database software. An Oracle | 


spokeswoman stressed that the 

company worked closely with Or- 
bitz to fix the problem and that no 
customer data was compromised. 


Oo 


Holes Discovered 
In Cisco System 


Security experts warned July 18 
that ready-made code that ex- 
ploits a recently announced Cisco 
Systems Inc. Internetworking Op- 
erating System (10S) vulnerability 
is circulating, and that attacks us- 
ing the exploit are taking place. 
Cisco had warned on July 16 of a 
serious, widespread flaw in 10S 
that could make devices using the 
operating system vulnerable to 
denial-of-service attacks. 


Short Takes 


COGNOS INC. this week plans to 
announce the Cognos Metrics 
Manager Version 2. It will ship in 
mid-August, priced at $650 per 
seat. .. . DELL COMPUTER CORP. 
shareholders voted to change the 
company’s name to Dell Inc. 


NEWS 


Consolidation Projects 


| Demand for high-end products offers a 
| glimmer of hope as sales stagnate 





| BY PATRICK THIBODEAU 
| NEW YORK 

HE SERVER consoli- 
dation path led Dale 
Pickford, chief infra- 
structure officer at 


| Ocwen Technology Xchange 


Inc., to the high end of the 


| server market. He replaced 140 


servers, each of which housed 
12-way processors at most, 
with two Sun Microsystems 
Inc. servers, one running 78 


| processors and the other run- 
| ning 107. 


That move allowed Ocwen, 


the technology subsidiary of 


financial services company 
Ocwen Financial Corp. in 
West Palm Beach, Fla., to cen- 
tralize IT management. “High- 





end servers give you the 


| means to accomplish that,” 


said Pickford, an attendee at a 
Sun server consolidation fo- 


| rum here last week. 


Sun officials said they’re 


; 
| seeing strong demand for 


high-end servers, and it’s a 


| customer trend that the com- 


pany wants to exploit. Sun will 
announce its fourth-quarter 


| earnings tomorrow. Its rev- 
| enue for the third quarter, 
| which ended March 30, was 


| $2.79 billion, down 10.2% from 
| the same quarter last year. 


Sales Slump 

| Worldwide server sales have 
been battered by the econom- 
ic downturn, according to 
market research firm IDC in 

| Framingham, Mass. Revenue 

| declined nearly 12% last year 
to $49.3 billion and will re- 


consolidation is helping the 
sale of high-end servers, say 
analysts and vendors. Despite 
the overall decline in server 
sales, revenue from these 
large, predominantly Unix- 
based servers costing between 
$500,000 and $1 million re- 
mained flat at $3.37 billion. It 





| main flat this year. Data center | 





isn’t expected to change much 


| this year. 


Another relatively active 
market is for servers that cost 
under $10,000 and may be 
used as a Clustering alternative 
to large systems. Revenue has 
also been flat in that market, at 
$14.4 billion in each of the past 


| two years. But IDC sees it in- 


creasing by more than 10% 
this year to $15.9 billion. 
Bill Claybrook, an analyst at 


| Aberdeen Group Inc. in Bos- 


ton, said the high-end market 
will deteriorate as clusters, es- 
pecially those running Linux, 


| become more mature. 


But for some corporate IT 
managers consolidating opera- 





Elevate Server Market 


Worldwide 
Server Revenue 
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tions, such as Andy Miller, vice 
president of technical architec- 
ture at Corporate Express Inc. 
in Broomfield, Colo., clusters 
aren’t ready. They require “too 
many interesting software ele- 
ments” to effectively manage 
them, Miller said. 

“Certainly the idea that you 
can manage a cluster as one 


FRAMINGHAM, MASS. 
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box really isn’t there yet,” said 
Miller, who has moved part of 
his operations to high-end Sun 
servers. 

IBM’s continuing faith in 
the high end was demonstrat- 
ed by the recent launch of its 
z990 mainframe system, code- 
named T-Rex. 

“Customers are seeing value 
in consolidating to high-end 
products,” said Michael Bliss, 
IBM’s program director for sys- 
tems consolidation marketing. 

IBM last week said revenue 
in its most recent quarter rose 
to $21.6 billion, a 10% increase 
over the same period last year. 
While the company attributed 
the strong showing largely to 
software and services rather 
than hardware, it said its Intel 
and Unix server sales grew 
23% and 20%, respectively. D 


VIRTUALLY DOUBLED 


VMware's virtualization software will now 
support larger applications that need to run 
on two CPUs: 


e QuickLink 39996 
www.computerworld.com 





Senate Votes to Kil Funds 
For Antiterror Data Mining 


| BY DAN VERTON 


WASHINGTON 
The Senate last week voted to 
wipe out funding for a Penta- 


| gon data mining program that 
| the White House says is a crit- 


ical weapon needed for the 
war on terrorism. 

Sen. Ted Stevens (R-Alaska) 
introduced an amendment to 
the Defense Appropriations 
Bill on July 14 that would ef- 


| fectively eliminate funding for 
| the Terrorism Information 

| Awareness (TIA) program be- 
| ing developed by the Defense 

| Advanced Research Projects 

; Agency (DARPA). The Senate 


passed the bill unanimously 
with the amendment intact. 
Since its inception, TIA 


| (formerly known as the Total 
| Information Awareness pro- 

; gram) has drawn criticism 

| from privacy rights advocates 


who fear it would allow au- 


| thorities to rifle through the 


electronic transactions of mil- 
lions of law-abiding U.S. citi- 


| 





| zens in an effort to uncover 


the activities of suspected ter- 
rorists. That fear stems from 
the program’s intent to rely on 
a mix of government, intelli- 
gence and commercial data- 
bases to mine electronic trans- 
actions, such as airline-ticket 
purchases and car rentals, for 


| indications of potential terror- 


ist activity. 


‘Synthetic Data’ Only 

TIA development and testing 
has been under way for sever- 
al months at the Army’s Intel- 


| ligence and Security Com- 


mand at Fort Belvoir, Va. Pro- 
gram officials at DARPA 
maintain that the testing proc- 
ess relies on synthetic data 
and that the final system 


| would focus not on collection 


LOW-HANGING FRUIT 
The U.S. government's CIO says he can 
save $3 billion in IT costs over five years: 


QuickLink 39937 
www.computerworld.com 





but on analysis of “legally ob- 
tained” data. Furthermore, 
data would first be made 
anonymous before intelligent 
software agents, not human 
beings, could conduct analy- 
sis, according to program 
documents obtained by 
Computerworld. 

The House version of the 
bill, passed earlier this month, 
imposed advance notification 
and authorization require- 
ments on the program before 
funding could be used to de- 
ploy any part of the system. 
The program’s fate will be de- 
termined by a joint House- 
Senate conference session. 

“From an intelligence policy 
point of view, something like 
TIA could help to break down 
the arbitrary barriers to infor- 
mation-sharing that have long 
existed among government 
agencies,” said Steven After- 
good, director of the Project 
on Government Secrecy at the 
Federation of American Scien- 
tists in Washington. “But 
DARPA was slow to address 
the privacy concerns raised by 
the program. Now they are 
paying the price.” D 
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Value of Project Management Offices Questioned | 


Study finds focus on process, not 
progress, means 36% of IT projects ‘fail’ 





BY THOMAS HOFFMAN | 
Most companies have estab- | 
| 


lished project management 
offices (PMO) to help them 
enforce standard IT processes 
during IT/business projects, 
according to a recently re- 
leased report by Forrester 


Research Inc. But many PMOs 
continue to spend too much 
time compiling reports for 
senior management and not 
enough time ensuring that 
projects are delivered on time 
and within scope. 

That could explain why the 


EMC Introduces 
‘Metered’ Storage 


More users will 
have access to pay- 
as-you-go model 


BY LUCAS MEARIAN 
EMC Corp. last week intro- 
duced a remote storage meter- 
ing device that’s designed to 
allow its biggest customers to 
install standby storage and 
network bandwidth capacity 
and pay only for what they use. 
EMC said its OpenScale 
Automated Billing appliance 
is being offered as part of its 
OpenScale storage asset and 
financial management pro- 
gram. First introduced in 1999, 
the OpenScale program has 
been limited to 50 to 100 EMC 
customers because its manual 
reporting process required 
field engineers to visit cus- 
tomer sites to determine how 
much storage was being used. 
With the metering device, 
the OpenScale program now 
includes a server with soft- 
ware installed on-site to de- 


They want to 

sell you a new 
frame and fully pop- 
ulate it so that you 
pay for it as you use 
it. To me, that’s a 
great model. 


JIM HULL, VICE PRESIDENT 


and automatically 





MASTERCARD INTERNATIONAL 


EMC’s OpenScale 
Automated Billing 
Program 


‘ | 
tect and monitor every storage | 


device and application being 
run on a storage-area network 
(SAN), including capacity, 
switch ports and storage soft- 
ware licenses. InfoLease, the 
application that runs on the 
EMC-provided 
server, monitors 
storage activity 


sends usage re- 
ports to EMC viaa 
Web portal. 
MasterCard International 
Inc. in Purchase, N-Y., man- 
ages about 300TB of EMC- 
based SAN storage and SOTB 
of direct-attached storage 
from Sun Microsystems Inc., 


| said Jim Hull, vice president of 


computer network services. 
Hull said several vendors, 

including IBM and Sun, are 

offering different types of on- 


demand capacity. For instance, | 


MasterCard utilizes IBM’s on- 
demand mainframe capacity 
model. Hull said he’s interest- 


MORE ONLINE 


Read more at our Storage 
Knowledge Center 


@ QuickLink 1700 
www.computerworld.com 
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| report found that nearly one- 
| fifth of all new IT projects are 
| completed three or more 
| months late. 
“It’s no surprise that the 
presence of a PMO didn’t have 
| much effect on project failure 
| rates,” said Tom Pohlmann, an 
analyst at Cambridge, Mass.- 
based Forrester and author of 
| the report “How Companies 
| Govern Their IT Spending,” 
| ed in EMC’s program because 
| a customer pays only for what 
| it uses. “They want to sell you 
a new frame and fully popu- 
| late it so that you pay for it as 


| you use it. To me, that’s a great | 


model,” said Hull. EMC said it 
won't be charging any fees for 
standby capacity. 

Bill Raftery, vice president 
of global financial services at 
| EMC in Hopkinton, Mass., 
said the vendor’s largest cus- 
tomers complain that current 
approaches to procuring and 
deploying additional storage 
are too complex and expen- 
sive. To buy extra storage, 
more than a dozen people are 
often needed to sign off on or- 
der forms at customer compa- 
| nies. The process can take 
anywhere from six to nine 
| months to complete and cost 
| millions of dollars. 

EMC said OpenScale pro- 

| vides automated billing for its 
| Symmetrix, Clariion and Cel- 
| 
| 





erra storage arrays, as well as 

| ___ its Connectrix 

switches and Time- 

Finder and Sym- 

metrix Remote 

Data Facility soft- 

ware. Raftery said 

EMC is targeting 

| “hundreds” of customers who 

| run 5OTB of storage or more 

| for the metered service. 

| Tony Prigmore, an analyst at 

| The Enterprise Storage Group 

| Inc. in Milford, Mass., said 
EMC’s metering system repre- 
sents an early version of utility 
computing. “I don’t know that 
EMC’s approach works for 

| everyone in the market, but 

it’s an important step for a 

| certain type of client ... seri- 

| ous consumers of storage,” 
Prigmore said. D 


| published June 30. The study 

| is based on telephone inter- 

| views with 704 North Ameri- 

| can IT decision-makers be- 
tween late April and June. 

Sixty-seven percent of the 

| respondents said their organi- 
zations have one or more 

PMOs — either inside or out- 

side of the IT department. 

That’s up from 53% last year. 

The problem, Pohlmann 

said, is that too many PMOs 
| serve as “process cops and re- 
| port compilers” for executive 
| teams and often “lose sight of 
| what they’re supposed to be 
| doing — to make sure projects 
are running effectively.” 

Dan Garrow, senior vice 
president of information sys- 
| tems and CIO at Mohegan Sun 

casino, agreed with the re- 
| port’s findings. “We have a 
| PMO, which has frequently 
| been referred to as the ‘PMO 
| police,” he said. 

The IT department at the 

Uncasville, Conn.-based hotel 
| and casino is “working hard to 

overcome that perception,” in 

part by trying to enlist senior 
management support of PMO 
concepts, Garrow said. 
In addition, IT departments 
| have to be more rigid about 
which projects they’re willing 
| to take on, he said. “IS depart- 
| ments are so ingrained with 
| the idea of being a service or- 
ganization that to say no toa 
customer is almost taboo,” 
said Garrow. He advocated 
calling on executive manage- 
ment “to assist and, in many 
| cases, say no on behalf of the 
| IS function so they can main- 
tain the customer relationship 
| with user departments.” 
For this study, Forrester 
| classified a project as a “fail- 


Pee ecreresessereseessesessseses 


a8 [PMOs] lose 


sight of what 
they’re supposed to 
be doing - to make 
sure projects are 

running effectively. 


| TOM POHLMANN, ANALYST 
| FORRESTER RESEARCH 


| 
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How effective would 
| you rate your PMQ(s) at 
improving project delivery 
in your organization? 
Chemicals and energy 
bie eT 48% 33% 
Manufacturing 
18% 55% 27% 


Technology and telecom 


16% « 67% 16% 


Finance and insurance 


seh) 55% 29% 


Distribution 
14% 


Services 


56% 31% 


@ Very effective 
@ Reasonably effective 
@ Ineffective 


Base: 704 North American IT det 
ne survey that was 


cision 


| ure” if it was delivered one to 

| three months late and affected 

| at least 3,000 end users. Ac- 

cording to survey respon- 

dents, 19% of their application 

| initiatives were delivered at 

least three months late, and 

| another 17% were one to three 

| months overdue. 

| For his part, Pohlmann said 

he doesn’t expect any dramat- 

ic improvements in IT project 

delivery rates, because of IT 

| management apathy. “I think 

| there is improvement that can 

| be achieved, but not from a 

| project management method- 

| ology standpoint, because 

| those have been around for 

years,” said Pohlmann. In- 

| stead, he said, business units 

have to be much more in- 

volved with IT departments 

| ona project’s requirements 

throughout its entire life cycle. 
Don Christian, a partner at 

New York-based Pricewater- 

| houseCoopers, said he be- 

| lieves Forrester’s decision to 

use a one-to-three-month 

project delay as part of the cri- 

| teria is too harsh. “Our experi- 

ences have found that one-to- 

| three-month delays on proj- 

ects might be palatable if they 

end up meeting their original 

| business benefits,” he said. D 
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HP Storage VP 
Moves to EMC 


Hewlett-Packard Co. confirmed 
last week that Mark Sorenson, 
vice president of its storage soft- 
ware division, left earlier this 
month to accept a position in 
EMC Corp.’s Open Software 
Division alongside former HP 
colleague Mark Lewis. Lewis 
became EMC’s chief technology 
officer about a year ago and now 
heads EMC’s Open Software di- 
vision. Frank Harbist, formerly 
vice president and general man- 
ager of HP’s Nearline Storage 
Division, will replace Sorenson. 


Sybase Broadens 
Support for Linux 


Sybase Inc. last week launched 
a Linux Competency Center in 
New York and said it plans to 
port all of its software to Linux 
by next year. Dublin, Calif.-based 
Sybase already offers its Adap- 
tive Server Enterprise relational 
database and several other prod- 
ucts on Linux. Products yet to be 
ported include the Sybase IQ an- 
alytical database and the Sybase 
Integration Suite. 


Adobe Announces 
Form Design Tool 


Adobe Systems Inc. last week 
announced XML/PDF Form De- 
signer, which will enable users 
to create electronic forms that 
process data using Adobe Acro- 
bat software or XML Data Pack- 
age. San Jose-based Adobe said 
the graphical tool, to be available 
early next year, will allow com- 
panies to include XML schemas 
when creating forms. 


Short Takes 


PEOPLESOFT INC. and AMER 
ONLINE INC. signed a deal to in- 
tegrate AOL’s Instant Messenger 
software into PeopleSoft appli- 
cations. ... ACCENTURE LTD 
said it exceeded net revenue and 
earnings expectations for its 
third quarter. 
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Elaborate Spam 


\h Tt TY] AA ADI 
IN LHI LAK! 


Defenses 


Complicate IT’... 


... infrastructure but may be the only way to weed out the tiresome, 

resource-robbing e-mails from smarmy marketers, tedious pornogra- 
phers and former Nigerian officials seeking your bank account num- 
ber since their weapons of mass destruction scams have been uncovered. 


That’s the message from vendors who are rolling out multitiered prod- 


ucts to defeat spammers’ missives before they reach corporate desk- 
tops. One of those vendors is Webwasher AG, which next week will 


spin off SpamEquater Prime from its in- 
tegrated Content Security Management 
Suite. CEOs can easily see how spam 
hurts a company’s productivity since 
they, too, are victims, says Webwasher 
Vice President Frances Schlosstein. She 
claims that as much as half of all e-mail 
coming into some companies is spam, 
with the result being high-level executives 
storming into IT’s offices and demanding 
immediate fixes. That makes it easier to 
sell spam-specific products rather than 


ance spam blocking with the need to 
eliminate false positives. “You don’t want 
to lose a key sales contract in e-mail be- 
cause some software blocked it,” he says. 
That’s why administrators are able to 
employ two levels of confinement for 
suspect messages, with SpamEquater 
Prime on a central server, the end user’s 
desktop, or both. ® Believe it or not, it’s 
been only during “the last 180 days that 
there’s been a tremendous uptick in the 
volume of spam,” says David Staas, direc- 


more strategic, integrated 
security packages, which 
cost more. “Spam has the 
CEO’s attention now,” 
Schlosstein says. Spam- 
Equater Prime employs a 
“method mix” to rid your 
network of spam, includ- 
ing using proprietary 
header and body text 
rules to ferret out un- 
wanted messages, she 
says. Bart-Jan Schumann, 
general manager for ser- 
vice and support at Web- 
washer’s headquarters in 
Paderborn, Germany, 
adds that it’s vital to bal- 


BY TODD R. WEISS 
Unauthorized peer-to-peer 
file sharing on corporate net- 
works appears to be far more 
widespread than many compa- 
nies realize. 

In a study of P2P file shar- 
ing at 560 companies, Ottawa- 
based AssetMetrix Research 
Labs found that employees at 
77.1% of those companies en- 
gaged in Web-based file shar- 
ing during the past 14 months. 


Managed SOAP 


Actional Corp. in Mountain 
View, Calif., tomorrow will 
release the latest version of 
its Web services manage- 
ee Ane CM LO Vacca et) 
4.1. The upgrade adds tools 
so developers can better au- 
tomate management policy 
CHE eee Ctl] eysutti 
processes. Version 4.1 also 
boosts its fault tolerance with 
new clustering capabilities. 
MEH RIC lace ete) Rt 


tor of market develop- 
ment at Redwood City, 
Calif.-based Openwave 
Systems Inc. That spam 
avalanche is making 
Openwave’s three-tiered 
approach to fighting 
spam with its Mx 6 prod- 
uct attractive. “It’s no 
longer sufficient to 
delete it to get rid of it,” 
Staas argues. “You need a 
long-term strategy be- 
cause spammers inno- 
vate constantly.” He 
points out that the life of 
a spammer’s IP address is 
“about 20 minutes,” mak- 


Peer-to-Peer File-Sharing Threat Spreads 
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ing it almost useless to rely on tools that 
depend on blocking offending IP sources. 
The first tier of Mx 6’s defense system, 
which is deployed on powerful Unix 
servers on the edge of the network, elimi- 
nates most spam. Additional screening 


applications on another layer of servers 


process the remaining messages, and 


| desktop tools clean up the dregs. Open- 


wave is mulling using Linux as a server 
for an upcoming release because it can 
help keep end-user costs down. The next 
spam battleground, says Staas, will be 
mobile devices. That’s because by 2004, 
it will be possible to send SMS messages to 
countless handhelds from a single PC, 
eliminating the cost of sending such mes- 


| sages from another mobile device. Some- 


where, that’s called progress. ® All that 
spam is probably hogging loads of stor- 


| age on your storage-area network, forc- 


ing you to reconfigure it constantly. And 
for most sites, that means rebooting your 
server. Well, that hassle is over, so long as 
you are using Solaris servers and Fibre 


| Channel host bus adapters (HBA) from 


JNI Corp. in San Diego. Starting today, 


| users of JNI’s Version 5.3 of its Solaris 


drivers with the company’s FCX-6562 
HBAs won't need to reboot their servers after 
everyday tasks such as driver updates and 
logical unit number reconfiguration. The 
upgrade is free for existing users. ® Intel 


| Corp. celebrated its 35th birthday last Fri- 


day by using history to look into the fu- 
ture fast coming upon us. For example, 
the company pointed out that it took 29 
years to advance from 108 KHz on the 


company’s 4004 microprocessor to 1 GHz 
| on the Pentium III, but only 18 months to 
| jump to 2 GHz on the P4. Intel’s senior vice 


president for servers, Mike Fister, a 19- 
year veteran with the company, claims 
that today’s server performance will leap 
tenfold by 2008 and have even more ad- 
vanced self-management features. But will 
they stop spam? B 


analysis. The cost of a 60-day 
| monitoring subscription is $5 
per desktop, or $16 per desktop 


their PCs, according to the 
study, which was released last 
week. About 1 in 25 employees 
were found to be using the 
P2P applications. 

Aside from resource- 
sapping and security issues 
stemming from unauthorized 
downloads, corporations 
could find themselves legally 


| liable for copyright infringe- 
| ment, legal experts said. 


AssetMetrix posted its P2P- 


Some businesses had P2P pro- | Tracker analysis program on 
| its Web site [QuickLink a3500] 


grams on as many as 58% of 


to allow companies to check 
their networks for unautho- 


| rized P2P applications. It 
| can be downloaded for free 


through Aug. 31. 

Paul Bodnoff, president 
and chief operating officer of 
AssetMetrix, said his hosted IT 
asset management services 
business added the P2P detec- 
tion service to address escalat- 
ing legal liability threats. The 
software will identify instances 


| of P2P clients, but companies 


have to pay for additional 


for an annual contract. 
Some companies said that 
they’re monitoring P2P use 
on their own. Phil Jackman, 
IS manager at Ottawa-based 


| medical equipment supplier 


World Heart Corp., said most 


| employees are prohibited 


from installing applications 


| On company computers. He 


said his company hired Asset- 


| Metrix a year ago to inventory 


its computers and software li- 
censes, but it won’t need the 


| additional P2P monitoring. D 
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CA Users Get an Earful on Sonar’s 
Promise of Automated Management 


Laud strategy for maximizing resources New Products 





BY MARC L. SONGINI 
LAS VEGAS 
Boosting the automation of 
security and systems manage- 
ment was Computer Associ- 
ates International Inc.’s key 
focus at last week’s CA World 
2003 user conference here. 
The effort is built around 
a new architecture dubbed 
Sonar that CA will begin to 
roll out later this year. The 
technology aims to dynami- 
cally and securely allocate 
available server or storage re- 
sources to the business proc- 
esses that are most important 
at a particular point in time. 
Over the past several years, 
CA has been steadily enhanc- 
ing its software to help IT 
shops prioritize resource allo- 
cation. But the Sonar technol- 


ogy for the first time will auto- | 


mate management according 
to predefined business rules. 

In a keynote speech, CEO 
Sanjay Kumar explained that 
Sonar will look for IT assets, 
catalog them and then decide 
how they will be delivered 
to support a particular busi- 
ness process. Sonar will be 
embedded in CA products 
rather than sold as a stand- 
alone product, according to 
the company. 

Pieces of Sonar technology 
will start to appear early in the 
fourth quarter. Already in beta 
is the Unicenter NSM Dynam- 
ic Reconfiguration Option 
for VMware Software, which 
dynamically decides what re- 
sources are needed to meet 
performance requirements. 
Also in beta is the BrightStor 
Process Automation Manager, 
which will handle the provi- 
sioning of storage resources 
across multiple platforms. It 


LIKING LINUX 


Users liked what CA had to say about Linux 
at the CA World conference 


QuickLink 39970 
www.computerworld.com 








will ship in 120 days. 
Several users at the confer- 


| ence said they would be inter- 
ested in Sonar if CA delivers 
| on the promise. 


The technology might help 
address the demand to cut 
down on the costs of idle 
hardware and the people 


| needed to manage it, said 


Clark Ammons, production 


| and systems manager of infor- 


mation systems at Washington 
University in St. Louis. 

Some of the university's 
servers remain idle most of 
the time but are needed for 
occasional spikes in demand, 
such as when students are 
registering for classes, Am- 


Among CA's other product 

announcements last week: 
® Unicenter Web Services 
Distributed Management: Dis- 
covers, monitors and manages 
Web services. Currently in beta, 
will be available by year's end. 


® BrightStor ARCserve 
Backup Version 10: Speeds 
up the recovery of crashed Win- 
dows systems. Will be released 
in the fourth quarter. 


mons said. That hardware 
could be better exploited dur- 
ing downtimes, allowing the 
university to make do with 
what it has rather than having 
to buy new servers. 


IBM, Cisco Ink Deal With 
AXA for 8,000 Switch Ports 


IBM is first major 
reseller of Cisco’s 
IP storage switch 


BY LUCAS MEARIAN 
IBM last week penned a multi- 
million-dollar global server 
and storage consolidation deal 
with AXA Technology Ser- 
vices that represents the 
largest deployment of Cisco 
Systems Inc.’s multiprotocol 
switch to date. 

As part of the announce- 
ment, Cisco said IBM has be- 
come the first major vendor 
to begin reselling IP storage 
blades for its MultiLayer Data- 
Center Switches (MDS). 

The MDS 9000 switch ports, 
which can include IP storage 
modules, allow users to man- 
age remote storage devices 
over storage-area networks 
(SAN) via the Internet SCSI 
(iSCSD protocol. The switch 
ports also let users tunnel be- 
tween SANs for disaster recov- 
ery using the Fiber Channel 


over IP (FCIP) protocol. 

IBM Global Services and 
Cisco said the deal with AXA 
Technology Services, the in- 
house IT services arm of Paris- 
based financial services firm 
AXA Group, will result in the 
deployment of at least 8,000 
Cisco MDS 9000 switch ports 
over the next six years. 


Part of the Plan 


Scott Drummond, program di- 
rector for storage networking 
at IBM, said the AXA consoli- 
dation is part of a $1 billion 
on-demand computing deal 
that IBM and AXA signed in 
February. 

AXA has begun consolidat- 
ing servers, mainframes and 
storage devices in the U.S., 
France, Germany and the 
U.K., and it plans to deploy 


| almost 2,000 SAN switch 
| ports in the first year of the 


rollout. After the first year, 


| another 6,000 ports will be in- 


| stalled in data centers in Bel- 


gium and Australia. 


“I'd be foolish not to look at 
[Sonar],” Ammons said. 
It appears CA may be the 


| first vendor to deliver policy- 
| driven software that works 

| on a business-process level, 

| said Rick Ptak, an analyst at 


Ptak & Associates Inc. in 
Amherst, N.H. 

CA also announced the roll- 
out of eTrust Vulnerability 


| Manager, which IT shops can 


use proactively to discover 


| and correct security vulnera- 
| bilities in the enterprise. The 
| software comes bundled on 

| what CA is calling a rack- 


mountable Dell Computer 
Corp. appliance running Win- 


| dows 2000 Server. 


The product will prioritize 
systems by their business val 
ue, checking them against an 


Ron Roberts, global pro- 
gram manager for server 


| storage consolidation at AXA, 
| said the company chose Cisco 
| because its “strength in switch- 





| ing is unprecedented.” 


AXA has already installed a 
number of MDS 9000 switch- 
es and is testing them for per- 


formance, feature functions 
| and interoperability, said 
| Roberts. AXA will standardize 
| on the storage switch as it con- 


solidates from 15 SANs in six 


IBM’s Starting 
Prices for Cisco 
Switches/IP Blades 
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internal database that contains 
a catalog of more than 6,000 
vulnerabilities. It automatical- 
ly creates a remediation check- 
list that IT staffers can use to 
fix problems. 

The tool caught the eye 
of Denis Ball, lead network 
engineer for IT at the Col- 
orado Springs School District, 
who said it could help speed 
the process of battening down 
his network. The school dis- 
trict currently runs Unicenter 
systems management software 
and several security tools 
from CA. 

in Ball’s organization, 
students like to hack into the 
network, so “the more vulner- 
ability we can get out of the 
network, the less chance for 
[their] real success,” he said. 

Pricing for eTrust Vulner- 
ability Manager starts at 
$25,000 per appliance plus $2 
per node per month. It sup- 
ports systems running Win- 
dows, Linux and Unix, and is 
shipping now. DB 


countries to roughly one SAN 
per country. 

Roberts declined to put a 
price tag on the AXA consoli- 
dation project. 

The AXA deal “definitely 
proves the viability of the 
Cisco switch,” said Nancy 
Marrone-Hurley, an analyst 
at Enterprise Storage Group 
Inc. in Milford, Mass. “No 
way would IBM risk losing 
that size deal by going with 
anything but the best.” 

Cisco has been offering 
blades for its MDS 9000 prod- 
ucts that support both the 
iSCSI and FCIP protocols 


| since August 2002. 


FCIP is a method for con- 


| necting two or more SANs by 


encapsulating Fibre Channel 
frames in IP headers for trans- 


| port over long distances via 
| Ethernet. The iSCSI protocol 
| is used to facilitate data trans- 


fers over LANs and manage 
storage over long distances 
via Ethernet. 

The IP modules are now 
available on Cisco’s MDS 


| 9216 switches and on its 9509 


and 9506 directors, which 
sport 224 ports and 128 ports, 
respectively. D 
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Continued from page 1 . 
Cybersecurity _ 


message that the White House 
no longer cares about this is- 
sue,” said Richard Clarke, for- 
mer chairman of the Presi- 
dent’s Critical Infrastructure 
Protection Board. “They will 
eventually find someone who 
will agree to do it anyway, but 
they will be so hamstrung that 
it will take at least a year to re- 
gain the capability that we had 
in 2001.” 

Clarke is now chairman 
of Arlington, Va.-based Good 
Harbor Consulting LLC 
[QuickLink 39804]. 

A former senior administra- 
tion official who requested 
anonymity said many of the 
candidates who possess the 
skills necessary to do the job 
are senior executives in the 
private sector who are con- 
cerned about a lack of authori- 
ty in a position that will re- 
quire a significant amount of 
cross-agency collaboration. 

In addition, many are wary 
of what the official character- 
ized as “an axis of evil” com- 
prising the National Economic 
Council, the Office of Science 
and Technology Policy and 
the Office of Management and 
Budget (OMB) — agencies 
that have sought to redirect 
the administration’s attention 
to other priorities. 

A senior DHS official, who 
also requested anonymity, said 
two candidates have been 
identified for the position and 
have said they are willing to 
accept the job. However, the 
official said that Robert P. Lis- 
couski, assistant secretary for 
infrastructure protection at the 
DHS, seems to be holding out 
for a high-profile executive 
with impeccable qualifications. 

The person who steps up to 
the challenge will likely do so 
out of a sense of duty and patri- 
otism, not because of the way 
the DHS is managing the effort, 
according to a half-dozen se- 
nior IT industry executives in- 
terviewed for this story. 

“For a person to take this 
job, they have to be comfort- 
able with the laissez-faire ap- 
proach toward IT security, 
which I’m not comfortable 





with,” said John Copeland, 
chairman and chief scientist 
at Lancope Inc., an intrusion- 
detection system vendor in 
Alpharetta, Ga. 

“I think I could be more ef- 
fective outside the govern- 
ment,” Copeland said. “The 
people who are really quali- 
fied are probably in positions 
where they are really accom- 
plishing things. You’re not go- 
ing to find an effective securi- 
ty manager who’s out of work 
and looking for a job. You have 
to entice them.” 


The Chain of Command 
Maria Cirino, co-founder and 
CEO of Guardent Inc., a man- 
aged security services firm in 
Waltham, Mass., said it would 
take a direct line to Homeland 
Defense Secretary Tom Ridge 
for her to consider such a posi- 
tion. The departures of Clarke 
and his successor, Howard 
Schmidt [QuickLink 38015], 
were sealed when it became 
clear that their positions 


| with a catastrophic é 


NEWS 


“were being rele- 
gated to window 
dressing,” said 
Cirino. At best, the 
administration’s 


| current position on 


cybersecurity is 
hypocritical and 
will change only 


incident, she 
added. 

Jerry Harold, co- 
founder of security 
consulting firm 
NetSec Inc. in 
Herndon, Va., and 
vice president of 
its government so- 
lutions group, said 
a lot of questions 
about the reporting 
structure would have to be an- 
swered before he would even 
consider the job. 

“I would be four layers 
down from the secretary but 
given a mandate to handle na- 
tional priorities,” he said. In 
addition to having Congress 


You're not 
going to 
find an effective 
security manager 
who's out of 
work. You have 
to entice them. 


JOHN COPELAND, 
chairman and chief 
scientist, Lancope Inc. 


overseeing his 
activities, Harold 
said, the unde- 
fined relationship 
with the director 
of the OMB, who 
is responsible for 
overseeing the 
government's inci- 
dent response ca- 
pability, could 
cause additional 
political problems. 

“There, I [would 
be] down at the 
bottom of the or- 
ganization as some 
kind of cog,” said 
Harold. “Security 
managers in indus- 
try have a respon- 
sibility to create 
and enforce policy across the 
entire organization, and they 
work from the top of the man- 
agement chain down. And yet 
the government has them 
buried down in the structure 
where they’re little more than 
a project manager.” 
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Tom Goodman, vice presi- 
dent of operations at Bluefire 
Security Technologies, a wire- 
less security company in Balti- 
more, said that if asked, he 
would accept the position out 
of a sense of duty. But he stiil 
has concerns about the cur- 
rent reporting structure. 

“Having the ear of the sec- 
retary would be enough,” he 
said. “[But] it should not be a 
dotted line. It should be a di- 
rect report, and it should be at 
the assistant secretary or 
deputy secretary level.” 

David Wray, a spokesman 
for the DHS, said appointing 
an adviser for cybersecurity at 
the assistant secretary or 
deputy secretary level “would 
be completely dysfunctional” 
and out of proportion for what 
is only one component of crit- 
ical infrastructure. 

Wray noted that the DHS 
has made clear its intent to 
integrate the management of 
physical security and cyber- 
security. D 





Continued from page 1 
Microsoft Deal 


alternative sources for its soft- 
ware. 

On June 25, Gates met with 
Ridge and other leaders on 
Capitol Hill. And on June 27, 
the DHS signed a contract 
with the company for server 
and desktop software for ap- 


| proximately 140,000 users. 
| The DHS described the con- 


tract as a critical step in the 
department’s efforts to estab- 


| lish acommon computing en- 


vironment for its 22 formerly 
independent agencies. 

But with the discovery on 
July 16 of a critical security 
flaw affecting nearly every 


| version of the Windows oper- 


Now [the DHS] 
is held hostage 
to the imperfections 


| of Microsoft code- 


ROGER CRESSEY, FORMER CHIEF 
OF STAFF, PRESIDENT’S CRITICAL IN- 





FRASTRUCTURE PROTECTION BOARD 


ating system — including 
Windows Server 2003, the 
first product to be sold under 
Microsoft’s so-called Trust- 
worthy Computing initiative 
— some security experts are 
warning that the DHS may 
have backed itself into a secu- 


rity quagmire. 


Options Were Open 
“They had a choice, but it 
would have been costly and 
time-consuming,” said Roger 


| Cressey, former chief of staff 


of the President’s Critical In- 
frastructure Protection Board. 

“The real alternative was to 
go open-source. But for 22 
agencies, an overwhelming 
majority of which use nothing 
but Microsoft operating sys- 
tems, to convert to another 
platform in an efficient and 
cost-effective manner would 
have been hard to accom- 
plish,” said Cressey. “DHS has 
neither the time, the money, 
nor the flexibility for that. 
Now it is held hostage to the 
imperfections of Microsoft 
code-writing.” 

DHS CIO Steve Cooper, 
who’s leading the massive in- 
tegration effort, didn’t return 





Computerworld’s calls seeking 
comment. 

Microsoft spokesman Keith 
Hodson said no software has 
yet been shipped to the DHS 
under the recent contract, so 
the department will receive 
software with the necessary 
patches. Hodson also said that 
as recently as Friday, the DHS 
reaffirmed its confidence in Mi- 
crosoft’s ability to handle any 
security problems that arise. 

A former senior Microsoft 
executive who spoke on con- 
dition of anonymity said he 
has “yet to find someone 
who’s come up with a defini- 
tive, unbiased white paper on 
the pros and cons of relying 
on a single software vendor” 
for all or most of an organiza- 
tion’s IT infrastructure. 

Rafael Nunez, a former 
hacker now employed as a se- 
curity expert at Scientech Inc. 
in Gaithersburg, Md., said that 
although standardizing ona 
single software platform makes 
it easier for hackers to pene- 
trate different parts of an en- 
terprise, the DHS would have 
been far less secure had it de- 
ployed open-source software. 

“There’s a reason the gov- 





ernment doesn’t buy open- 
source software,” said Nunez. 
“They don’t buy it because 
they know that every hacker 
and software cracker can 
study the code for exploits.” B 





Continued from page 1 
Windows Flaw 


protocol that deals with mes- 
sage exchange over TCP/IP. It 
allows attackers to take over a 
victim’s system and install ma- 
licious code; view, modify or 
delete data; or create new user 
accounts. 

“It is probably the most seri- 
ous vulnerability that we have 
seen from Microsoft in the 
past 12 to 18 months,” said 
Chris Rouland, director of In- 
ternet Security Systems Inc. in 
Atlanta. 

The flaw — word of which 
followed the announcement of 
another major Windows vul- 
nerability only a week before 
(QuickLink 39744] — high- 
lights the continuing chal- 
lenge that users face in secur- 
ing Microsoft software, said 
Scott Loach, senior informa- 
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Still Lacks 


Focus ‘Two Years After 9/11 


Survey finds that most companies have | 
avoided centralized security oversight 





BY DAN VERTON 
FTER THE terrorist 
attacks of Sept. ll, 
2001, many CEOs 
were surprised to 
learn just how decentralized 
their security management 
structures were. But that sur- 
prise hasn’t yielded much 
change, according to a new 
survey. 

The survey results, re- 
leased earlier this month by 
Alexandria, Va.-based Amer- 
ican Society for Industrial 
Security International Inc. 
(ASIS), showed that most 
companies have steered away 
from centralized management 
and strategic oversight of se- 
curity, instead spending more 
money on insurance as a 
protection. 

“High-level reporting and 
accountability are still the ex- 
ception rather than the rule in 
corporate security manage- 


tion security engineer at Ray- 
mond James Financial Inc., a 
financial services firm in St. 
Petersburg, Fla. 

Raymond James had just 
completed patching 500 Win- 
dows servers against the pre- 
vious flaw and is now scram- 
bling to protect its systems 
against the new vulnerability. 

The frequency with which 
such patching is needed has 
prompted the company to 
consider automated patching 
technology, Loach said. 

“We've had endless meet- 
ings with Microsoft about the 
state of their security and the 
way these patches come out 
and the trouble it causes us,” 
Loach said. “It’s just what you 
have to live with” when deal- 
ing with Microsoft, he added. 

The flaw discovered last 
week “is the latest in a seem- 
ingly never-ending stream of 
issues that afflict [Microsoft] 


| Where the Money Goes 








ment,” according to the sur- 
vey, which polled more than 
300 security and risk man- 
agers. “While one quarter of 
companies have a chief securi- 
ty officer [CSO], most of the 
remainder do not appear to 
have much interest in creating 
the position.” 

In addition, while security 
spending since Sept. Il has in- | 
creased on average by only 
4%, corporate spending for in- 
surance premiums has jumped 
by 33%. One-fifth of the com- | 
panies surveyed reported a 
doubling of insurance spend- 
ing since Sept. ll. 


Mary Ann Davidson, CSO | 
at Oracle Corp., said insurance | 
without a solid organizational 





structure is fruitless. 
“Purchasing expensive in- 

surance for security without 

improving your operational 


products,” said Bruce Azuma, 
corporate director of informa- 
tion technologies at Wilbert 
Inc., a Broadview, IIl.-based 
company in the funeral ser- 
vices and industrial plastics 
businesses. “As a medium-size 
business user of Microsoft, I 
am growing more and more 
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| crosoft’s Trustworthy Com- 


security is like buying new 
drapes for a dirty house,” she 
said. “Organizations need to 
clean house first through bet- 
ter operational security and 
then use insurance to mitigate 
the remaining risk.” 

But therein lies another | 
problem, said MacDonnell 
Ulsch, managing director of 
Janus Risk Management Inc. 
in Marlboro, Mass. “Compa- 
nies have not yet fully grasped 
how to embrace enterprise 
risk,” said Ulsch. And while 
companies are earmarking ad- 
ditional funds for security, he 
said, “bigger budgets don’t 
translate seamlessly into bet- 
ter security.” 

The real question that needs 
to be answered, according to 
Ulsch, is how the 4% increase 
was spent. “Did the right pro- 
grams get funded? Were com- 
panies thinking of risk from a 
holistic viewpoint, or did they 
invest in expensive point solu- 
tions guaranteed to prevent a 
meltdown?” he said. 

The CIO at a global auction 





concerned with Microsoft's 
ability to release stable, secure | 
products.” 

Such flaws also raise ques- 
tions about the efficacy of Mi- 


puting initiative, said John 
Cowan, corporate IT director 
at Caldwell Industries Inc., a 
Louisville, Ky.-based injection 
molding manufacturer. 

“On a scale of 1 to 10, I 
would give [Trustworthy 
Computing] a 3,” Cowan said. 
“I don’t know what the prob- 
lem is, but it doesn’t look like 
they have been able to lock 
down their software like they 
said they would.” 

Discovery of the flaw 
“cracked the bubble” around 
Windows Server 2003 security 
and will force Microsoft to re- 
double its efforts to find out 
what went wrong, said Pete 
Lindstrom, an analyst at The 
Spire Group, a consultancy in 





company, who spoke on con- 
dition of anonymity, said that 
despite the increasing risks 
most companies face, profit 


to justify many new security 
programs. 


Executives with security 
responsibilities 


Malvern, Pa.. But it would be 
premature to see it as a sign of 
broader security problems in 
Windows Server 2003, he cau- 
tioned. “I would be embar- 
rassed for anyone who jumps 
to that conclusion,” he said. 

Kevin Kean, director of 
Microsoft's security research 
center, last week insisted that 
the company’s Trustworthy 
Computing initiative is work- 
ing, despite the fact that seri- 
ous flaws keep cropping up in 
Windows software. 

Trustworthy Computing “is 
a long-term vision,” Kean said. 
“We are committed to improv- 
ing [it] on an ongoing basis. 
When we find something that 
goes wrong ... we try to fig- 
ure out where we need to 
make progress.” 

One sign that Trustworthy 
Computing has begun to pay 
off is the relatively low num- 
ber of flaws uncovered in 
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With respect to the organi- 
zational and oversight chal- 
lenges, having a single person 
be responsible for security is 
critical, the CIO said. 

Companies “that do not 
have a CSO lack a focal point 
for the true accumulation and 
measurement of risk and as a 
result do not make business 


| decisions based on the total 
margins are simply too narrow | 


risk picture,” he said. “As 
CIOs, we have to make up for 
that gap.” B 
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Windows Server 2093 so far, 


| compared with Windows 2000 


at the same stage, Kean said. 
Just four security bulletins 
have been released for Win- 
dows Server 2003, compared 
with 14 for Windows 2000 in 
the same period, Kean said. 
Some users agreed with 
Kean’s assessment. “In fairness 
to them, they are doing the 
right things,” said David Ry- 
mal, IT director at Providence 
Health System in Everett, Wash. 
“(Windows 2003] shows a 
complete reversal in deploy- 
ment methodology compared 
to earlier versions, when 
everything was turned on and 
left unsecured by default,” 
said Antony DeVoto, NT sys- 
tems administrator at Volvo 
Finance North America Inc. in 
Montvale, N.J. “Finally we are 


| seeing Trustworthy Comput- 


ing making a difference that 
should benefit us all.” D 
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Global IT Spending 
Levels Off in Q2 


Worldwide IT spending continued 
to show stability in the second 
quarter of 2003, but significant 
gains in corporate spending have 
yet to happen, according to mar- 
ket research company IDC. Global 
IT spending is expected to sur- 
pass $872 billion for the full year, 
an increase of 1% from last year. 
In the U.S., IT spending will be 
flat this year, with declines in 
overall hardware spending, large- 
ly related to price competition, 


| 
| 
| 
| 
| 
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Amerisure Automates 
Policy Processing System 


NEWS 


| Uses Compuware tools to test new 


| multimillion-dollar insurance network 


BY MATT HAMBLEN 
ESTING and perfor- 
mance management 
tools from Com- 
puware Corp. are 
being deployed at Amerisure 
Insurance Co. to help build a 
modern multimillion-dollar 


| insurance policy processing 


being offset by marginal growth in | 


software and services, IDC said. 


EMC Dealt a Blow 
In Legato Deal. . . 


EMC Corp.'s $1.3 billion acquisi- 
tion of Legato Systems inc. hit a 
snag last week when Legato 
shareholders filed two lawsuits 


and self-dealing” against Legato 
and its board of directors. The 
lawsuits came just a week after 
EMC agreed to buy Legato, a 
maker of storage management 
software in Mountain View, Calif., 
to fill gaps in its storage infra- 
structure and data management 
software offerings. 


AELENET NNT 


... But Reports 
Strong Q2 Results 


EMC reported strong second- 
quarter results last week, citing 
growth across all segments of its 
business, thanks to new products 
and services and an expanded dis- 
tribution network. The Hopkinton, 
Mass., company reported revenue 
of $1.48 billion for the quarter 
ended June 30, representing a 
7% growth rate over the same 
quarter a year ago. 


Short Takes 


INTEL CORP.’s second-quarter 
revenue was up 8% from last 
year... . ORACLE CORP. granted 
5.9 million new unqualified stock 
options to be shared among nine 
of its executives. 


system. 
“Some of our systems are 


| antiquated, and we embarked 


on a process to redeploy them, 


| starting with our workers’ 

| compensation insurance line 
| of business,” said Frank Pe- 

| tersmark, vice president of IT 


at Amerisure in Farmington 
Hills, Mich. “But I wanted to 


| pre-quality-test and ensure the 


aha can | system before production.” 
claiming “breach of fiduciary duty | °° ee 


Before the insurer began de- 


| veloping the Amerisure Policy 
| System (APS) last year, “we 





| BY MATT HAMBLEN 
| Videoconferencing and collab- 


oration technology are getting 


a boost from separate vendors. | 


Wave Three Software Inc. 
today will announce server 
software for desktop video- 
conferencing and collabora- 
tion based on the Session Ini- 
tiation Protocol. Meanwhile, 
Tandberg, a videoconferenc- 
ing market leader in 
New York, last week 
announced new gate- 
way hardware to allow 
greater flexibility in 
making videoconfer- 
encing connections 
between suppliers, 
partners and cus- 
tomers. It also an- 
nounced support for 
h.264, a standard that 
it said will produce 
superior video quali- 





| had always struggled with 
| finding a way to do a better 


road test,” he said. “We always 


| had a disparate group of IT 


testing products that you had 
to bundle together.” 

To develop a more holistic 
approach, Amerisure pur- 
chased Compuware’s Vantage 
performance management and 
AQCenter Performance Edi- 
tion testing tools, spending 
about $50,000, Petersmark 
said. Amerisure used the 
products to pretest APS appli- 


| cations, code and network 
| links affecting workers’ com- 


pensation policies — which 
represent about half the com- 


| pany’s business. 


The testing with Detroit- 
based Compuware’s tools 
helped reveal errors in data- 
base coding that Amerisure 


Vendors Vie to Boost 
Videoconferencing Market 


ty but use half the bandwidth 
of current systems. 

Wave Three, a start-up in 
San Diego, has focused on at- 
tracting university customers 
interested in distance learning 
and real-time video and col- 


| laboration between academic 

leaders, according to the com- 

pany’s CEO, Robert Randall. 
One beta user of Wave 
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had written, showing that 
problems experienced by re- 
mote users weren’t caused by 
the company network, Peters- 
mark said. “Our experience is 
that the network is always 
blamed for slowdowns, but 
now we can show it isn’t al- 
ways the problem,” he said. 

Amerisure, with $600 mil- 
lion in annual revenue and $1.3 
billion in assets, has about 700 
users in 10 states, all of whom 
use the APS. 

Amerisure is now using the 
tools to help modernize its 
policy system for other lines 


| 


9 | have learned 
the value of 
having tools to dis- 
cover a problem 
before there is one. 


FRANK PETERSMARK, VICE PRES! 





Three’s Session Conference | 
Server is the University of 
Arkansas for Medical Sciences. 
The Little Rock school might 
use it for distance learning, 
clinical consultations, re- 
search collaboration and day- 
to-day administration, said 
Mark Clark, director of techni- 
cal operations. “Our goal is to 
make video communications 
seamless” for up to 7,000 
knowledge workers, he said. 
With Wave Three, Clark pre- 
dicted that he will be able to 
use existing desktops, won't 
have to buy in-room 
video gear and may 
be able to reduce the 
number of leased 
lines he needs. He 
said he’s not looking 
for a reduction in 
travel costs, but he is 
hoping for enhanced 
communications. 
Session Confer- 
ence Server is avail- 
able now on Win- 
dows 2000 Server, 


| 
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of business, such as commer- 
cial auto and general liability 
insurance, Petersmark said. 
The new policy systems will 
cost “millions of dollars,” un- 
derscoring the value of testing 
the products. 

“T have learned the value of 
having tools to discover a 
problem before there is one,” 
he said. 

Amerisure considers the 
APS to be the heart of its busi- 
ness, since it involves the pro- 
duction of policy forms and 
workflow, company officials 
said. The Compuware tools 
that helped build and test it 
are used by a half-dozen data- 
base administrators, network 
managers and developers. 

Amerisure bought the Com- 


| puware tools after a review of 


products from other major 
management vendors, includ- 
ing Computer Associates In- 
ternational Inc., IBM’s Tivoli 
Software and Hewlett-Packard 
Co. Compuware “was a good 
fit with us,” Petersmark said. 

Amerisure still uses unrelat- 
ed OpenView products from 
HP, but “we didn’t think they 
were strong on testing appli- 
cations,” he said. D 


starting at $10,500 for 10 users, 
according to Wave Three. 

Tandberg’s Gateway is avail- 
able now for $21,000 for a 
4Mbit/sec. gateway, but the 
price will rise to $32,000 in 
October. The company also 
announced the Tandberg 
Management Suite, which al- 
lows users to schedule confer- 
ences in Microsoft Exchange 
and Outlook. 

Andrew W. Davis, an analyst 
at Wainhouse Research in 
Brookline, Mass., said the new 
gateway product means Tand- 
berg can sell infrastructure 
products as well as endpoint 
gear such as cameras, micro- 
phones and compression- 
decompression software. 

Tandberg’s Gateway will en- 
able interoperability with oth- 
er systems deployed by other 
users, Davis said. By contrast, 
Wave Three is proprietary 
software, meaning a user 
wouldn’t be able to videocon- 
ference a call to a rival ven- 
dor’s system. D 





What do you stand to gain by replacing your old PCs? A lot, for starters. 


monitor not included 


HP COMPAQ d330 
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Starting at: 


$599" 
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There’s No Killer App 


For Linux, Kapor Says 


BY TODD R. WEISS 
PORTLAND, ORE 

Mitch Kapor, co-founder of the former 
Lotus Development Corp. and creator of 
the Lotus 1-2-3 spreadsheet, is leading a 
project called Chandler to create an 
open-source personal information man- 
ager package [QuickLink 

34022]. He also established the 

Open Source Applications Foun- 

dation in 2001 to encourage 

open-source development. At the 

recent O’Reilly Open Source 

Convention here, Kapor spoke 

with Computerworld about the 

effect of Linux and open-source 
software on business computing. 


Linux is increasingly gaining respect 


among IT professionals. What does that 
mean for the continued development of the 
operating system? I expect to see gov- 
ernment and private foundations pro- 
vide funding for open-source develop- 
ment in the future. As the overall so- 
cial value of open-source becomes 
clearer and clearer, you will see 


new kinds of funding models. 


Is business ready today to adopt open- 

source applications for critical needs? 

A lot depends on the perspective 

from which you're looking at things. 

Whether it’s suitable for you depends 
on what your needs are. For 
many people, it’s perfectly 
good, and for others, it’s miss- 
ing that critical part. There’s no 
fundamental technological bar- 
rier preventing it from [filling 
the remaining gaps]. 


Do you use Linux as your primary 
operating system? It’s not yet 
there day-to-day for what I do. I 


| fiddle with it just to stay fresh. It will be 


nice when it’s ready to do everything. 


What’s keeping Linux from being able to 
serve as your primary operating system? 

I have collaborative calendaring as a 
critical need, and I’m waiting for up- 
coming connector software [to make it 
work seamlessly]. 


Where do you see Linux and open-source 
making the next big push into business IT? 
I think the penetration into big enter- 
prises in the immediate future is going 
to be in the verticals, like call centers. 
For knowledge workers, there’s a high 
bar, and Linux is not ready for that. But 
in call centers, they use their machines 
to do specific kinds of things. The Lin- 
ux desktop is sufficiently mature to 
take those kinds of calls well. 


Lotus 1-2-3 was a key to the proliferation of 
PCs and desktop computing. Is there a simi- 
lar must-have application that could spawn 
amass migration to Linux and open- 
source? There’s no killer app. People 
need different things. That’s really the 
task of an operating system. It’s not do- 
ing one thing right. It’s doing a thou- 


| sand things right. 


You have said that Linux on the desktop 
will continue to become more commonplace 
and could take 10% of the global market 
share from Microsoft Windows in the not- 
too-distant future. Do you think major 
changes are coming to the operating sys- 
tem landscape? We're not going 

to see an explosion of Linux in the 
next 18 months. Ten percent of a bil- 
lion [Windows users] is 100 million. 
That’s a lot. Linux on the desktop is 
actually here. D 





Linus Torvalds Releases Test 
Version of Linux 2.6 Kernel 


Beta signals developers 
to focus on bug testing 





BY ROBERT McMILLAN 
A test version of the much-anticipated 
Version 2.6 of the Linux kernel was 
released last week by Linux creator 
Linus Torvalds. 

The release of the kernel, called 
2.6test, means that kernel development 


will switch focus from feature develop- | 


ment to bug testing as the Linux com- 
munity scrambles to get the final ver- 
sion of Linux 2.6 ready over the next 


few months. 


“The point of the test versions is to 


| make more people realize that they 
| need testing and [to] get some strag- 
| gling developers realizing that it’s too 


late to worry about the next big fea- 


| ture,” said Torvalds in a posting to the 


kernel developers’ mailing list. 
The release of the test code sends a 
message to software developers and 





Linux vendors, according to Joseph 
| 


Pranevich, a systems administrator at 
Terra Lycos SA in Barcelona, Spain, 
and a longtime Linux kernel watcher. 
“It says, ‘We’re in freeze, we’re not 
making any changes, and pretty much 
what you see, plus stability, it’s what 
you get,’” he said. “Now it’s time for 
the people that are interested in devel- 


| oping [applications] to take a look at 


2.6 and become acquainted with it.” 
The 2.6 kernel includes support for 
Non-Uniform Memory Architecture 
(NUMA) servers, which is expected to 
strengthen Linux’s appeal as a multi- 
processor operating system. It will also 
include support for embedded proces- 
sors that don’t contain memory man- 
agement units, such as Motorola Inc.’s 
DragonBall and ColdFire processors. 
“The concept that you can have, 
out of the same source tree, some- 
thing that works on a [handheld de- 
vice] and something that works on a 
64-way NUMA machine is just amaz- 





ing to me,” said Pranevich. 

How long the beta phase of Linux 2.6 
will last is anybody’s guess, but Tor- 
valds expressed optimism that it will 


| be shorter than the seven months it 


took to finalize Linux 2.4, which was 
subject to repeated delays. 

Linux vendors Red Hat Inc. and 
SuSE Linux AG are preparing their own 
Linux 2.6 test kernels to offer to adven- 
turous customers and software vendors 
that may want to test the new code. 

SuSE’s test kernels will be available 
around the beginning of the third quar- 
ter, according to a company spokes- 
man. Red Hat said its version will be 
available this month. 

SuSE expects to have an “enterprise- 
ready” distribution based on the 2.6 
kernel available by next May or June, 
said a company spokesman. Red Hat 
declined to say when it expects to ship 
its 2.6 version. D 





McMillan writes for the IDG News 
Service. 


MORE ONLINE 


For more Linux news, visit our special focus page: 


QuickLink si000 
www.computerworld.com 








sensitive information every day. Unfortunately, the 
hard drives can also be via the network 


contributing to 
theft every year. To protect this weak link ir 


$60 billion worth of information 
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NetScout Moves to Unify Network, 
Performance Management Tools 


Rivals expected 
to follow suit 


BY MATT HAMBLEN 

NetScout Systems Inc. last 
week announced two product 
upgrades designed to unify 
real-time and historical re- 
porting of network and appli- 
cation performance data on 
large corporate networks. 

At the heart of the upgrades 
are NetScout’s new Common 
Data Model (CDM) Adaptors, 
software designed to help 
users gather basic perfor- 
mance data from a range of 
switches and routers, said 
Leslie Miller, product market- 


ing manager at the Westford, 
Mass.-based company. 
The new technology will be 


| offered within NetScout’s 


nGenius Performance Manag- 
er 2.0 software and nGenius 
Probe 6.0 firmware, which is 


| arack-mounted device that 
| gathers and analyzes traffic- 


flow records from network 
nodes. Both upgrades will be 


| available by the end of this 


month, NetScout said. 
Keith Axtell, a performance 


| analyst at Consumers Energy 


in Jackson, Mich., has been 
testing Performance Manager 


2.0 for the past month, having 


installed an earlier version a 
year ago. 


; One improvement that Ax- 
| tell has noticed is an enhanced 
| ability to simultaneously run 
multiple windows containing 
network performance data on 
his PC. “You did a lot of win- 
dow management in the earli- 
er release,” he said. 
Consumers Energy, an elec- 
tric and natural gas utility, has 


nGenius Performance 
Manager 2.0 


nGenius Probe 6.0 








to monitor 6,500 nodes in a 
network that spans 100 sites in 
Michigan. NetScout’s technol- 
ogy has given IT staffers bet- 
ter tools for monitoring con- 
nectivity to all those devices, 
Axtell said, adding that the im- 
provements have become es- 
pecially critical as the utility 
company moves from manag- 
ing mainframe systems to 


| ; ee td 
| managing distributed systems. 


Performance Manager 2.0 
has been in production use for 


| the past month in a small seg- 


ment of the network at the 
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Uncasville, Conn.-based Mo- 
hegan Sun casino, which sup- 
ports a total of 7,500 nodes, 
8,000 phone lines and 6,200 
slot machines that are serially 
connected to the network. 
The new version will be es- 
pecially useful because the 
CDM Adaptors can bring in in- 
formation from other data 
sources besides Remote Moni- 


| ° . ° 
toring, said Kevin Carey, the 


casino’s network administrator. 

Michael Howard, an analyst 
at Infonetics Research Inc. in 
San Jose, said that NetScout is 
the first vendor to come out 
with unified technology for 
network and application 
monitoring. 

Howard predicted that the 
offering will quickly be emu- 
lated by rivals such as Con- 
cord Communications Inc. 


| and Network Associates Inc.’s 


Sniffer Technologies unit. D 
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V2X Subsystem 


To me, success is a 35 minute lunch. 
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Means I’m not wasting time doing the 


same data management task again and 


again and again and...well, you'get it. 
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OPINION 


PATRICIA KEEFE 


Security Disconnect 


’D TELL YOU, but then I'd have to kill you. 
OK, it wasn’t quite that bad, but a recent 
briefing with Robert P. Liscouski, a man 
whose long title could choke a horse — assis- 
tant secretary of homeland security for infra- 
structure protection in the Information Analysis 
and Infrastructure Protection Directorate of the 
Department of Homeland Security — came up 
short on what I was looking for: information about 


how this all affects you. 
The briefing was 
necessarily lacking in 
specifics about how the 
department does things 
and how it handles things 
because, well, you know. 
But Liscouski did say 
the feds are looking to 
build a leadership team, 
and he specifically wants 
to tap someone with in- 
dustry knowledge and 
business expertise to lead 3 
the still vaguely defined effort. (But, 
as it turns out, there’s speculation 


that no one wants the job in the wake | 


of two White House security czar 
resignations and a distancing of the 
DHS unit from the White House.) 


I wanted to know what the DHS is | 


doing to get the attention of corpo- 
rate America, and more important, 
to secure its participation and coop- 


eration in combating cyberthreats to | 


national and business security. 

Not much, as it turns out. There 
won't be any regulations — not like 
what we have with privacy and the 
Sarbanes-Oxley Act. So there won’t 
be any fear of losing your job — not 
like there was with Y2k. Which 


means there isn’t any pressure to di- | 


vert limited funds toward address- 
ing security issues and implement- 
ing standard security practices. 
And that’s a problem. Just look at 
last week’s tip-packed Knowledge 
Center report on security [Quick- 
Link k1100]. We dug up scores of 
ways to batten down the data hatch- 
es. Looking it over, I thought some 
of these tips weren’t new, and some 





of the risks, such as dis- 
gruntled employees, 
have been written abou 
ad nauseam. And yet it 
all bears repeating be- 
cause we don’t appreci- 
ate the value of follow- 
ing basic safety rules. 
Just as many drivers 
snub seat belts, many 
companies duck digital 
security. 

It would be great if the 
same government de- 


| partment that wants businesses to 
| report attacks and buy certified se- 
curity products could show an inter- | 


est in providing some incentives for 


| activities that could foil those at- 
| tacks in the first place. The IT camp | 
| something we can all talk about. D 


knows we've got a problem — it’s 





convincing management to do 
something about it. People are look- 
ing for as much help as they can get. 


But then again, I’m not sure how 


much help you can expect from a se- 
curity agency that signs a $90 mil- 
lion contract with Microsoft — the 
leading cybersecurity sinkhole — on 
the same day that vendor warns of 
three new Windows vulnerabilities, 
including one deemed “critical.” 

The bigger problem is that 80% 
of the nation’s critical infrastructure 
is privately controlled, and several 
recent studies point to a significant 
disconnect between business and 
IT executives over security issues. 
Frustration over the glacial pace of 
DHS progress spawned last week’s 
introduction of a coalition of secur- 
ity vendors, integrators and experts 
that hopes to create salable prod- 
ucts [QuickLink 39918]. But even 
that group has no defined short- 
term goals. 

So I have one for the DHS and the 
vendor group: Forget about building 
organizations and products for now. 
Concentrate on educating CEOs on 
the issue and helping IT executives 


| get just the basic security measures 


deployed and enforced. Now that’s 
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DHS Creating 
Opportunities 


OW THAT the Depart- 

ment of Homeland Se- 

curity has taken up the 
task of coordinating security 
for wireless and mobile tech- 


nology, it’s likely we'll see an 
expanded market for all types of de- 
vices and systems. In addition, govern- 
ment money will recharge R&D for mo- 
bile and wireless, which has been lan- 
guishing because of flagging capital in- 
vestment and a poor business climate. 

For example, the department’s Na- 
tional Communications Service (NCS) 
has already rolled out a wireless priori- 
ty service (WPS) using commercial 
vendors. This nationwide system 
would give wireless calls made by key 
government officials priority treat- 
ment during an emergency that result- 
ed in a congested wireless network. 
The WPS is connected to a mobile 
switch that has been 
updated to bypass 
local exchange net- 
works when neces- 
sary. This assures 
connectivity to the 
Government Emer- 
gency Telecommuni- 
cations Service. 

In addition, the 
DHS grants money 
to state and local 
governments for 
emergency planning, 
and in June it created the National 
Cyber Security Division (NCSD) to 
sweep cyberspace for potential nasties. 
The NCSD is also charged with aiding 
national-level recovery efforts and 
helping to protect against cyberthreats. 

Other initiatives include an effort to 
use the Internet and wireless for an 
emergency notification system in the 
Washington area, and the Backup Dial 
Tone Project designed to keep key fed- 
eral buildings humming despite a ter- 
rorist attack. The NCS selected satel- 
lite technology for the first demonstra- 
tion of this project; another demon- 
stration will use Free Space Optics 
technology. Wireless voice over IP is 
also slated for a test. 

The key to the DHS’s strategy is to 
move ahead on several fronts at the 
same time, something businesses can’t 
afford to do. 

Private-sector spending on security 
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Relax. Softchoice has everything you need. 


At Softchoice, we take pride in looking after your requests for pricing and product information — no matter how simple or 
complicated. We also promise a live knowledgeable response to every call. Looking to get a jump on a brighter and more 
productive future? Sometimes a quick answer is all you need. 
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Call Softchoice and let us put some time back in your day. 
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Simply visit www.softchoice.com/browser 
for your chance to win an HP IPAQ H1910, 
the industry’s leading handheld. 


In addition to running pocket versions of Microsoft Outlook, 
Word and Excel, the IPAQ empowers you to play MP3 and WMA 
music files, along with Windows Media video. Complete the 
necessary registration form and you'll be entered to WIN a 
brand new IPAQ of your very own! It’s that easy! 


Void where prohibited. United States Government agencies excluded 
from contest. Contest ends August 15, 2003. Winner(s) will be notified 
by phone or email. 


www.softchoice.com/browser 


$277.00 > 


HL-5040 


Brother’ is committed to providing 
superior and reliable business tools 
that increase productivity and reduce 
costs as businesses attempi to 

meet their organizational goals 

and challenges. 


By working closely with its customers, and by 
conducting continual market research, Brother has 
developed a wide range of award-winning and 
innovative technologies that result in products 
providing a wealth of features and benefits. 


Brother's range of products includes business 
machines, communications products, labeling and 
identification systems. 


$399.00 


¢ 14.4 kbps modem ( 
ar 


MFC-8500 


; i } At your side. 


E38836 HL-5040 Laser 2400x600 -17ppm 
E38843 HL-5070 Laser 2400x600 -17ppm 
C86364 MFC-8500 B&W-15 PPM MFP 
F62620 MFC-8420 B&W -17PPM MFP 
F62705 MFC-8820D B&W -17PPM MFP 


$277.00 
$499.00 
$399.00 
$577.00 
$650.00 
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Productivity 


Without Boundaries" 


Instantly Add Document Management and PDF 
Creation to Your PC 


PaperPort® is used by millions to organize, find and share all of the 
files on their PC — from scanned receipts and contracts, to Microsoft 
Word, PowerPoint®, Excel, and PDF files. PaperPort® adds document 
management capabilities to your existing PC folders and files — on 
your locai or network disk drives, and even CD and DVD disks. Best 
of all, PaperPort Pro 9 Office lets you create PDF files from within 
all of your PC applications, making it easy to share your documents 
using email and the Web. 


Pe Ak ded ar eink 
PR a Pere hd 


Sexoty the Create: 
(ut oF Fa Thrahnt Yor Organon 


= Large thumbnails let you organize everything on your PC, from scanned paper PaperPort’2° 
and digital photos, to Office documents and PDF files. OFFICE 


w All-in-one search finds all matching files, including scanned paper, photos and 
PDFs. 
= Convert Word and other formats into PDF quickly and easily The World's #1 Paper 
= Combine pages from Microsoft Word, PowerPoint and Excel into a single PDF, POF and Document 
with drag and drop ease Management Applicatio 
= Email many documents in one step, saving time and effort for the PC n 
= Receive and send faxes without ever using paper. 


= Use PaperPort and your existing network to store, search and share documents 
from every PC in your organization. 


Control Your PC and Convert Speech into 
Text — at 160 Words-per-Minute 


Dragon NaturallySpeaking® is the #1 way to instantly create docu- 
ments, memos, letters and contracts — simply by speaking. In just 
a few minutes, you'll be dictating into virtually any Windows®- 
based application three times faster than you can type. Millions have 
selected Dragon NaturallySpeaking because it is powerful and 
easy-to-use, but most of all because it saves time and money. Ideal 
for desktop, workgroup and enterprise users, Dragon 
NaturallySpeaking 7 sets a new standard for speech recognition 
performance. 


= Best Accuracy - Breakthroughs in acoustic and language modeling increase 
speech recognition accuracy. 
Fast and Easy to Use — After just a few minutes of voice training, you can dictate SoA 
into virtually any Windows application three times faster than you can type. Ccurate 
Mobile — Dictate into any ScanSoft®-approved Pocket PC or hand-held digital Ea and 
recorder, then automatically transcribe when you synch with your PC. Ni 'SY-to-Use, 
The First Choice for Speech Recognition — Dragon NaturallySpeaking is the 0 Wonder it’s 
world’s number one selling speech recognition product and has won over 150 #7 
awards for accuracy and ease of use. 


£49140 PaperPort Pro 9 Office Single User CD-ROM 
“ditties Volume £68314 PaperPort Pro 9 Office 5-User CD-ROM 
Licensing £68316 PaperPort Pro 9 Office 25-User CD-ROM 
* £45207 Dragon NaturallySpeaking Preferred CD-ROM 
Available D11952 OmniPage Pro 12 Office CD-ROM 
C77613 OmniPage Pro 12 Office Upgrade CD-ROM 
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iGrafx Process Central 2003 


Manage, control, share and exploit your organization’s process knowledge base 
with iGrafx® Process Central™ 2003 — a server based collaboration suite for 
proactive Enterprise Process Management. 


iGraf«k FlowCharter 2003 


Enjoy total productivity and ease-of-use when you create your flowcharts, process 
maps, and other business diagrams with iGrafx® FlowCharter™ 2003, the newest 
version of the award winning ABC FlowCharter®. 


COREL iGrafx ay VVC iGrafx 


www.iGrafx.com 


D35916 /Grafix Process Central 2003 CD ROM $14,996.00 
D42017 /Grafix Process Central 2003 Upgrade CD ROM $6,996.00 
D27965 /Grafix FlowCharter CD ROM $396.00 
D35682 /Grafix FlowCharter Upgrade CD ROM $245.00 


| Paint Shop Pro 8 


Paint Shop Pro8 From small businesses to large corporations, Paint Shop 
The mast complete photo end graphics ee Pro 8” is the photo and graphics editor of choice. 


Including both automatic and precision tools, it makes editing photos, 
enhancing presentations, and creating innovative websites, brochures 
and training materials easy. 


* Design graphics from scratch or use preset shapes, effects, and 
Picture Tubes 

* Slice and optimize Web graphics, add rollover effects, and hot spots 

* Capture continuous screen shots of a full page or a designated area 

¢ Add text to images 

* Convert and view files using 40+ supported formats 

¢ Record, edit and save commonly used tasks with Automated 
Productivity Scripts 


Ses: el 
Jasc Software 


the power to create” 


F08663 Paintshop Pro V8 for WIN CD ROM 
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Macromedia 
Studio MX Plus 


¢ Integrated tools and resources for 
building dynamic web experiences 

* Allows you to create graphics, lay out 
HTML pages, code applications, build 
rich user-interfaces, and assemble 
complete solutions 


»rebuilt templates. 
site structures. 


* Include: 
components 
and layouts 

* Create powerful applications with 
XML, web services, Microsoft .N 


and Java 


$900.00 


1.877.967.3737 


YS 


CHAS 


Macromedia 
Dreamweaver MX 


¢ Integrated tools for site design and 
layout, and rapid web-application 
development 


¢ Everything you need to develop and 
manage any professional website, 
whether it’s built with HTML, XHTML 
XML, web services, ColdFusion 
ASP, ASP.NET, JSP, or PHP 


* Customize and extend Dreamweaver 
MX with more than 700 free 
extensions available through the 
Macromedia Dreamweaver exchange 


$365.00 


romedia Introducing the new premium software service for top-tier developers. 


* Includes fully functional development-only servers on 
all supported platforms 


¢ More software extensions, components, and services, 
delivered throughout the year 


* Upgrade your Macromedia Studio MX software toinclude _* Software upgrades to all software in your subscription- 


B89034 Macr 
B99249 Ma 


B54486 Macrome 
FO4769 M. 
140992 M: 


Macromedia FreeHand, Macromedia Contribute, and the 
Macromedia DevNet Resource Kit Special Edition 


F33754 Macromedia Devnet Professional 


Macromedia ColdFusion MX 


* Includes the highly productiv idFusion 
scripting environment, built-in search and charting 


capabilities, and an integrated web services engine 


* Makes it eas) 
all major « 


Microsoft® 


‘0 build and deploy applications on 
rating systems, as well as Java™ and 
ET platforms 


$1,300.00 


Macromedia Flash MX 


* Reduce development time and deliver 


the best user experiences kas 


Macromedia Flash MX 
Data Connection Kit 


* Includes Macromedia Firefiy Components 
for retrieving and displaying data 


* Plus Macromedia Flash Remoting MxX to ai 
data from application server 


$479.00 


ver MX PRO 4,501.00 


D74096 Macromedia Direct 


as they're released 


$1,500.00 


Macromedia Contribute 2 


© Get set up in minutes without any training 


¢ Easily update web content hout knowing 
HTML while maintaining existing website design 
functionality and code 


* Update content on any HTML website, including 
Macromedia Dreamweaver MX, Microsoft 
FrontPage and hand-coded sites 


$100.00 


Macromedia Director MX 


* Streamline development by controlling 
Macromedia Flash MX objects, and launching 
and editing Macromedia Flash MX files 


* Deliver accessible content for people with 
disabilities 


* Built for Apple Mac OS X and Mic! Windows 


$1,200.00 


1 MX WIN 





www.softchoice.com/browser 


VERITAS Backup Exec’ 9.0 
for Windows Servers 


VERITAS Backup Exec™ 9.0 for Windows Servers is the next generation 
backup and restore solution providing comprehensive, cost effective 
re protection for Microsoft Windows server environments. A web-based 
9.0 for Windows Sere administration console and new graphical user interface with easy-to-use 
wizards simplify installation and enhance manageability. High performance 
agents and options deliver flexibility to help protect data quickly 
and reliably. 


Product Highlights 

¢ Fastest Exchange Server Backup & Restore 

e First to Leverage Windows Server 2003 Technology 
e First Anywhere Internet Interface 

¢ Windows Web-based Interface 


e Fastest, Simplest Installation for Windows Data Protection - From Shelf to 
Backup in 10 minutes 


Va eS 


Go to www.veritas.com/be90eval_sc to receive a FREE evaluation copy 


£08339 Backup Exec V9 WIN Server Edition CD ROM $552.00 
E10107 Backup Exec V9 WIN Server Edition License Volume Licensing $537.00 
E09541 Backup Exec V9 WIN Server Edition License w/ 1yr maintenance hates $660.00 


HP Proliant ML530 G2 Xeon 3GHZ Rack 


The ProLiant ML530 Generation 2 is a high-performance 2-way server that delivers 
industry-leading expansion and availability features. ProLiant engineering and design 
expertise optimize system resources for intensive data center and remote office 
environments. Processor, memory, and I/O subsystems combine to provide unbeatable 
price/performance for database engines or server consolidation efforts. 


¢ For maximum internal storage and 1/O flexibility 
© For remote and branch offices to data centers 


Compag Tablet PC TC1000 


New definition of mobility and versatility, an innovative form factor offering 
unprecedented mobility and versatility for business computing. Compaq Tablet PC 
TC1000 weighs in at just 3.0 pounds. 


® ¢ integrated wireless LAN maximizes mobility 
¢ removable keyboard provides the ability to change from tablet mode to notebook PC mode with the flip of a switch 
© innovative mobile keyboard that detache: 
¢ innovative, flexible docking system to quickly expand usability and does not require synchronization 
+ 


. ave mt innovative docking station supports easy trans ith multi-monitor docking profiles 


E68213 Proliant ML530 G2 Xeon 3GHZ Rack $5,700.00 
E68215 Proliant ML530 G2 Xeon 3GHZ Tower $5,350.00 
E84887 Proliant ML530 G2 1GB CDR Net $4,341.00 
D62029 Compaq TC1000TCrusoe 1.0GHZ 30GB 256MB Lan WXPT *$1,700.00 
D61963 Compaq TC1000TCrusoe 1.0GHZ 30GB 256MB Lan/W-Lan WXPT *$2,000.00 
D83278 Compag TC1000TCrusoe 1.0GHZ Tablet PC 60GB 512MB 10.4" Lan WXPT *$2,300.00 


“promotional pricing available until July 31, 2003 
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JUST BECAUSE HE’S UNAVAILABLE DOESN'T MEAN HIS PROJECT INFORMATION IS. 


Starwood Hotels and Resorts checks in. 


Web-based information sharing. 


www.softchoice.com/microsoft/ project 
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Show them what you're saying. 


Microsoft Visio allows you to quickly and easily organize your ideas and 
present a clear-cut plan of action. 


Create crystal-clear flowcharts, timelines, organizational charts, even detailed 
floor plans, all in an intuitively designed, easy-to-use program. With Visio your 
ideas become easily understood solutions. And with flexibility to save Visio 
diagrams as Web pages or to use them in Microsoft Office documents and 
e-mail, you can get your point across just about any way you choose. 


Microsoft’ The Microsoft Office Business and Technical 


Visio Diagramming Solution 
Professional 


939440 Microsoft Visio Professional Edition CD ROM Volume Licensing $496.00 
939444 Microsoft Visio Professional Edition Upgrade CD ROM — $249.00 


Software Assurance. 
Be assured. 


Microsoft® 


Assurance 


Microsoft announced the addition of new benefits to the 
Software Assurance program that will be available to you in 
addition to the benefits you already receive. 


What Software Assurance Can Do for Your Organization's Productivity 
Run new versions of licensed software as they become available during the term of 
your agreement and choose to spread out payments annually. 

Support and Tools 

Deploy and use software efficiently with help from Microsoft support professionais, 
resources, tools and Problem Resolution Support that can help keep business 
systems running smoothly. 

Training 

Bring employees up to speed quickly on new products, and keep IT professionals 
up-to-date on the latest technical information with many levels of instructor-led and 
eLearning courses 

Take advantage of Software Assurance with Softchoice 

Visit us at 

http://www.softchoice.com/microsoft/softwareassurance 


to learn more! 
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Get Maximum 
System Uptime 
and Reliability 
—Fast! 


Diskeeper 7.0 
Second Edition. 

The “Set It and Forget It” 
disk defragmenter for 
Windows 


System crashes, blue screens and slow file access can 
all be symptoms of excessive fragmentation. Diskeeper 
7.0 Second Edition automatically eliminates 
fragmentation and routinely increases system 
performance and reliability. 


Buy Diskeeper today! 


OF Saitware 


A92002 Diskeeper 7 WIN CD ROM $48.00 
A92006 Diskeeper 7 WIN 5 UserCD ROM $227.00 


Diskeeper 
7.0 


Service Pack 
Manager 
2000 


Network Security Patch Management Tool 


e Patches Security holes in NT/2000/XP/2003, 
liS, Exchange, SQL, ISA, IE, and more 

e Patch Research and Automated Inventory 

e Network Discovery 

e Automatic Network Security Scanning 

e Scheduled Service Pack or Hotfix installation 


B87316 50 User E Download $1,055.00 
B87364 50 User Maintenance $295.00 


1.877.967.3737 


Pinpoint, 

predict and 

prevent network 
problems quickly with 
Observer 


This network monitor and protocol analyzer for 
Ethernet (10/100/Gigabit) and Wireless 802.11a/b/g 
provides metrics, capture and trending for both 
shared and switched environments. Fully distributed 
with software-based probes. 


A91667 Observer Suite V8 CD ROM $3,973.00 


Pervasive.SQL 


Pervasive.SQL combines performance, embed- 
ability and low administration cost in a powerful, 
flexible and scalable engine, and delivers industry 
standard data access methods and seamless 
application integration. 


PERVASIVE 


E02551 70 User V8 CD ROM For NT $1,168.00 
E02532 10 User V8 CD ROM for Netware $1,168.00 
E02509 70 User V8 CD ROM for Linux $1,168.00 
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Tired of spending time in 
unproductive meetings? Mindjet 


Introducing a more effective way to electronically capture, organize and 
communicate information and ideas. As the digital alternative to whiteboards, 
flip charts and notepads, MindManager increases productivity through faster 
understanding, better decisions and reduced meeting time. 


Eliminate 2 out of every 3 meetings 
Move projects from brainstorming and planning into implementation 20% faster 
Increase project success rates by 20% or more 


e version 2002 . . ° ° b . ° » - 
MindManager seamlessly integrates with Microsoft® Project and Microsoft Office Suite 
eae ene 
The Vsuhlol for Brinstoming ond Pain to quickly publish the results of group meetings and jump-start business projects. 


D84405 MindManager 2002 Enterprise Edition CDROM $249.00 
F59857 MindManager 2002 For Tablet PC (ENT) Single User CDROM $249.00 
B61728 MindManager 2002 Business Edition $175.00 
F53400 MindManager 2002 For Tablet PC Business Edition $175.00 


GETTING A DOCUMENT 
FROM ANYONE IN THE COMPANY 
SHOULD BE THIS EASY. 


ther a registered trademark 


www.softchoice.com/microsoft/sharepoint 


©2003 Micrasolt Corporation. All rights reserved. Microsoft is et 
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Adobe’ Acrobat? 6.0 
Professional 


Adobe 
Acrobat'6.o 


Professional 


Advanced control over document exchange and output 


A 


Adobe 


Adobe® Acrobat® 6.0 Professional software provides robust new tools to 
enable business, creative, and engineering professionals to reliably and 


efficiently exchange graphically complex documents. 


Convert any document to Adobe Portable Document Format (PDF) files with one button click: 
from Microsoft Office, Internet Explorer and Microsoft Project, as well as from Microsoft Visio 
and AutoCAD, while preserving document layers. Now combine multiple documents, including 
large-format technical drawings and page layouts, into one compact Adobe PDF file in a single 
step, and automatically initiate and manage reviews using new electronic tools. Create forms 


that can be exchanged with colleagues and customers. 


E72108 Acrobat Professional WIN CD ROM $448.00 
E72107 Acrobat Professional MAC CD ROM $448.00 
E72110 Acrobat Professional WIN UPGRADE Ci ROM $150.00 
E72109 Acrobat Professional MAC UPGRADE CD ROM $150.00 
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From the leader in collaboration, a new way to do pe that increases responsiveness and simplifies 
access to people, information and processes. Lotus Workplace delivers wide-scale collaboration for everyone 
in your workforce. Openly. Flexibly. Affordably. With business results on demand. To learn more about the 


first Workplace offering, see our ere of Lotus: Workplace Messaging™ at ibm.com/lotus/seeworkplace 
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purity are trademarks of Symantec Corporat: 


Leading security resellers get that way by selling leading security products. 


Introducing Symantec Client Security. These days your customers face attacks that are more invasive and destructive 
than ever before. Blended threats like Nimda and Code Red can infect a company via the Internet, laptops, portable 
media, even PDAs. Once inside they can erase data, disrupt business and damage a client's greatest asset: its reputation. 
Symantec™ Client Security, the world’s first fully-integrated client security solution, combines the critical tools —intrusion 
detection, client firewall and virus protection—into a powerful, cohesive defense. It's just one part of a comprehensive 
solution that, along with our award-winning partner program, gives you the tools you need to become your customers’ 
most trusted ally. To learn more, visit www.softchoice.com/spotlight/symantecinfo. Or call Softchoice at 1.877.967.3737 
to find out how you can upgrade customers from their current desktop antivirus solution. 


softchoice 3 symantec. 





No databases to deploy, 
servers to install or software 
to configure; Livelnventory 
lets you start NOW! 


Capture ALL PC inventory, regardless of location 


Send an email-AssetPulse to inventory 
your remote/foreign oftices mobile/at home users 


a Email-AssetAgent 
, is less than 200Kb 
ty ‘one-time’ download 
yo 
For LAN users with restricted 


or no Web or Email access 


Inventory use’ 


Identify connected a 
eripherals such as: < 
perip So 


secure servers 
LAN or Web acces: 
Network Printers 

Local Printers 


PDA 
ies Bidet AssetMetrix ~@ 
=m @6@ 


FREE TRIAL 


Unlike other applications that can only inventory LAN-based 
PCs, Liveinventory is topology transparent, allowing you to 
inventory all of your mobile workforce, remote branch offices, 
and LAN PCs at the speed of an email. 


Livelnventory doesn't 
require end-user participation; 
it completes a PC inventory 
in less than 5 seconds. 


Software License Compliance 
PC Replacement Forecasting 
Security Vulnerabilities 

XP Migration Cost Analysis 
Software Usage Analysis 
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Achieve greater productivity with desktop standardization from Microsoft. 


Finally, standardization as defined by you. 


Now there’s a way to get the desktop standardization you've always 
wanted...and overcome the productivity barriers of multiple operating 
systems, incompatible productivity suites, and different hardware. 


Desktop standardization with Microsoft® Windows® XP and 

Office XP Professional can help your organization's desktops become 
more dependable and easier to manage, while providing security, 
reliability, mobility and collaboration benefits that will make you more 
productive. And it all starts with putting more control—and more 
flexibility—directly into your hands. 


With Microsoft's new Open License Value Company-wide Option, 
standardization doesn’t have to be all or nothing. Licensing costs are 
spread out over three years, so you can deploy upgrades at your own 
pace. You can easily acquire licenses to use Microsoft Windows XP 
Professional and/or Office XP on all of your company’s PCs—and enjoy 
substantial savings over other Microsoft Volume Licensing plans. 


Open License Value Company-wide includes Software Assurance, so you 
automatically have the licensing rights to deploy new versions of 
Windows and/or Office software as they are released throughout the 
term of your agreement. Plus, your IT team can access valuable 
resources to help make deployment faster, easier, and smoother. 
Windows XP Professional and Office XP offer built-in tools, such as 
expanded help features, the ability to save and migrate settings, and 
interactive online training. 


To find out more about how desktop standardization can provide you 
with greater flexibility, lower costs, better compatibility, and higher 
productivity, visit www.softchoice.com/microsoft/desktop or contact 
Softchoice at 1.877.967.3737 today. 


A Office*' 


softchoice jg“ Windows 


Professional 


© 2003 Microsoft Corporation. All rights reserved. Microsoft, the Office logo, Windows, and the Windows logo are trademarks or registered trademarks of Microsoft Corporation 
in the United States and/or other countries. The names of the actual companies and products mentioned herein may be the trademarks of their respective owners. 
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is up only 4%, according to a Confer- 
ence Board survey of more than 300 
large corporations. That’s hardly 
enough to fund large-scale infrastruc- 
ture projects. 

As a result of its experimenting with 
various technologies — for example, 
exploring the unlicensed portion of the 
wireless spectrum — the DHS may 
open new areas for commercial appli- 
cation of wireless mobile technologies. 

There’s no estimate as to how much 
of the department's $36 billion annual 
budget is earmarked for wireless and 
mobile. But with both the government 
and Chantilly, Va.-based research firm 
Input expecting federal IT spending to 
grow at a compound annual rate of 
8.5% to reach $68.2 billion in 2008, it’s 
certain that money is available for 
wireless security projects. 

The DHS is also incorporating 
lessons learned from the private sector 
— for example, relying more on indus- 
try standards and outsourcing up to 
75% of its projects. 

While the department’s mission is to 
safeguard the mobile and wireless in- 
frastructure, in the process it is also 
priming the pump of the digital econo- 
my. And that’s something we need as 
much as a security strategy. D 


GREG PAPADOPOULOS 


The Future 
In Bits 


LOOK AT everyday objects 


differently now, and you 

will too when you realize 
that bits -—- the binary digits 
of electronic data — are start- 
ing to show up in the most 


unexpected places. 

We are now able to make sensors 
and radio-frequency tags so small that 
we can put them into anything: light 
bulbs, milk cartons, sprinkler systems 
and building materials. 

Call it “bitmass” — bits increasingly 
intertwined with atoms to make the 
digital equivalent of biomass. It’s going 
to change the texture of our world. 

Consider the heat tiles on the under- 
belly of NASA's space shuttles. I look at 
them and imagine bits in the tiles. The 
shuttle could then become much more 
self-aware — it would notice, for exam- 
ple, if one of the tiles was missing. And 
if tragedy occurred, we could piece to- 
gether answers by asking the pieces 
what happened to them. 


OPINION 


Structures could be made 
aware of their parameters 


| and keep track of their own 


conditions over time. Imag- 


| ine asking your house, 
“Were you hurt in yester- 


day’s earthquake?” 
It sounds like science fic- 
tion, but it’s not. We’ve al- 
ready done the electronic 
materials engineering. Now 
we're starting to interweave 
small amounts of computing 
and storage into a range of 
materials and objects. 
For example, razor blades will be 
among the first products we track as 
they move through the supply chain, 


| thanks to tiny radio-frequency identifi- 


cation (RFID) tags that now cost only a 


few cents to make. This technology can } 


help companies reduce “shrinkage” 
(the term used when a product goes 
missing) and much more. 

Think about all the time you waste 


in stores or at home just 
looking for things. RFID 
tags can respond to radio 


waves and say, “Here I am!” | 


Put them on cartons of 
milk or prescription medi- 
cines, and they'll be able to 
tell us much more — like 
whether temperature fluc- 
tuations during transit have 
affected their freshness or 
potency. 


Bitmass will also acceler- | 


ate an extremely useful de- 
sign trend I call “infradestructuring,” 
which involves separating structure 
and control to create a more flexible 
infrastructure. 

Take lawn sprinklers. My new house 
has a sprinkler system with five dif- 
ferent controllers of different genera- 
tions, and I can’t figure out how any 


| of them work. So I’ve got all kinds of 
problems — this head puts out too 


much water, that one not enough. I 
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| want to put them on different cycles, 


but I can’t do that unless I tear up the 
ground and replumb everything. 
Now imagine a sprinkler head with 
bitmass. It might have a moisture/pH 
sensor probe and a network-address- 


| able T-valve that lets you redirect the 
| flow of water. You would be able to as- 


sociate any sort of watering require- 
ment with any head. 

That’s because bitmass enables us to 
teach individual items what we want 
from them — and reteach them when 


| our needs change. In other words, we'll 
| be able to change the way things work, 


without having to take them apart and 


| rebuild them. 


Once you realize bitmass’s possibili- 
ties, you will start to look at the things 


| around you very differently. Light 
| switches, stereo speakers, packages 


you send through the mail — all kinds 
of objects take on new properties. 

In fact, it won’t be long before you 
wake up every day and smell the bits! D 





Hire the Laid Off 


S$ ABUSE of the H-1B visa so ac- 

ceptable now that John Chen, 
the CEO of Syhase, can make the 
following quote without blinking? 
“I'm a supporter of the H-1B visa 
because most of the H-1B visa 
holders are people we've trained in 
the U.S.” [“Sybase CEO Decries 
SCO ‘Garbage,’ Oracle’s Behavior,” 
QuickLink 39306]. This visa was 
meant to bring into our country ex- 
ceptionally skilled foreign workers 
to fill a temporary need. 

Sybase admits that it wants for- 
eign workers here on a permanent 
basis. There is only one reason why 
they would do this: cheap labor. 
And our government lets them get 
away with it. 

Why not instead hire the hun- 
dreds of thousands of skilled, per- 
manently laid-off U.S. workers who 
have lost their jobs because of the 


eats 


H-1B and L-1 visas, and really bene- 


| fit the U.S.? 


Linda Kilcrease 


| Dover, N.J. 


| An Offshore View 


FTER MORE THAN 40 YEARS 
in IT on two continents, | find it 
ironic that there is growing concern 


in the U.S. IT industry regarding off- 
| shore outsourcing. 


For many years, those of us 


working outside the U.S. have had 
| to outsource offshore. In our case, 
| it was the necessity of purchasing 
| operating systems, ERP and aliied 
| system software from U.S. suppli- 
| ers. We learned to live with poorly 
| performing code and unredeem- 
| able warranties. 


| do not wish to unfairly burden 


| all U.S. software companies with 
| this criticism, but all too often we 
| pay far above both the value and 


Protecting Jobs in a Free Market 


LTHOUGH the IT offshore out- 

sourcing situation causes 
angst, | am a firm believer in the 
free market. And | realize that we 


wound up in this mess following the | 


escalation of IT labor costs in the 


is shrinking [“Offshore’s Rise Is Re- 
lentless,” QuickLink 39516). How- 
ever, companies that use offshore 
services should be forced to reveal 


that information in their annual re- 


| ports. This would be similar to the 

| information about the origins of ve- 

| hicle parts provided by automakers. 
Moreover, U.S. defense contractors | 
| shouldn't be allowed to use off- 

‘90s and that the U.S. IT labor force | 
| inincreased government costs for 


shore resources, since that results 


unemployment compensation. 
Jim R. Reeves 
IT manager, Barrington, Ill. 





cost of the product in real, local 
terms. |, for one, applaud efforts by 
outsourcers and other suppliers to 
reduce costs no matter their loca- 
tion. | challenge the complainers to 
improve either their productivity 
and/or their quality to differentiate 
their products sufficiently for me to 
willingly pay up to 300% more 
When this happens, we will know 
that a functioning democratic and 


| capitalistic society is in existence 


lan Simpson 


| Systems auditor, 


Sherwood Park, Alberta 


Measuring Service 
READ WITH GREAT INTEREST 
Thomas Hoffman's June 23 arti- 

cle “Outsourcers: Do They Mea- 

sure Up?” [QuickLink 39030] 

Most interesting were the state- 

ments made by Cathy Brune, CTO 

at Allstate, and Rod Hall, vice pres- 
ident of a services company. 

As an ex-Ci0, | strongly support 
Brune’s contention that in longer- 
term service agreements, the abili- 
ty to test the ongoing fairness of 
your deal is vital. To Hall's con- 
tention that benchmarking (period- 
ic snapshots of performance) is 
less fair to the services provider 
than baselining (comparisons 
based on the full term of the con- 
tract), | had to ask, “Whose fault 
is that?” 

Hall admits that services deals 


| are commonly structured to show 
| immediate value to the client by 


keeping costs artificially iow up- 


| front. Thus, any benchmark com- 

| parisons performed late in the con- 
| tract term will likely show the ser- 

| vice providers to be much more 

| costly, and accordingly, any re- 

| quired price drops imposed by 

| those tests would be unfair. His an- 
| swer in effect is to do comparisons 


after the contract period is over. 
Is that good for the provider? 


| Of course. Is it equally good for the 


client? Hardly. Maybe the best solu- 


| tion for the client is baseline pricing. 


With that approach, benchmarking 


| at any point provides a much clear- 


er picture oi the actual level of ven- 


| dor performance 
| Bruce Barnes 


President and CEO, Bold 
Vision LLC, Dublin, Ohio, 
bbarnes@bold-vision.com 


| COMPUTERWORLD welcomes 


comments from its readers. Letters 


| will be edited for brevity and clarity 


They should be addressed to Jamie 


| Eckle, letters editor, Computerworld, 


PO Box 9171, 500 Old Connecticut 
Path, Framingham, Mass. 01701 


| Fax: (508) 879-4843. 


E-mail: letters@computerworld.com 


| Include an address and phone num- 
| ber for immediate verification. 


For more letters on these and 
other topics, go to 
www.computerworld.com/letters 
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CASE STUDY 

Boehringer Cures 

Slow Reporting 

The pharmaceutical giant has 
installed an SAP/Cognos system 
to speed its financial reporting 
and ensure it can keep up with 
the competition. Page 30 


Plugging Storage 
Secure ab 


Storage systems have never been 


designed for security. SAN and 
NAS deployments each have 
their own vulnerabilities, but 
there are ways to protect them. 


Page 31 





@ PC DESIGN 


The Shape of 


Things to Come? 


One of the more intriguing aspects of PCI 
Express is the flexibility it gives manufac- 
turers in redesigning the traditional PC 
box. With fewer circuits to design onto 
the motherboard, a 1X PCI Express slot 
less than 3 in. long and Newcard connec- 
tors (which replace today’s PC Card slots) 
just 1.3 in. wide, vendors are experiment- 
ing with compact desktop designs that 
shed the traditional rectangular box shape 
without sacrificing expandability. 

Hewlett-Packard’s Chuck Stancii says 
the space-saving Newcard slots could be- 
come more common in desktops because 
they're less expensive to integrate than 
today's PC Cards, which have found a 
home mostly in laptops. 

It's not just the shape of the PC that 
may change, manufacturers say. The tradi- 
tional PC itself could disaggregate into a 
partitioned system that places noise- and 
heat-generating components away from 
the user while leaving the display, key- 
board, mouse and removable storage on 
the desktop. “It's a serial technology that 
allows potentially split-system concepts,” 
says PCI-SIG Chairman Tony Pierce. 

HP recently showed a prototype, co- 
developed with Microsoft Corp., called the 
Athens PC. That unit uses another high- 


Shea Gee tees 0)! 
for desktop PCs will be 1 in. long 
NMS BU AR as Yon) SL 
require just four wires, and 
deliver more than twice the 
bandwidth. A graphics adapter 
card (shown in the fourth 
expansion slot) will use a 3.5-in. 
16X slot. Fewer wires means 
fewer traces are needed on the 
ULC MeTOL Te mole 

more compact designs. 


speed serial technology, USB 2.0, as the 
interconnect, but Stancil says HP is con- 
sidering similar types of designs based on 
PCI Express. And HP isn’t the only vendor 
willing to experiment. “It's something 
we're going to play with,” says Brian 
Zucker, technology evangelist at Dell. 


OPINION 


Another Front in the 

Standards Wars 

The CPU in your computer is where 
the real action takes place, and CPU 
standards would maximize computing 
performance, says Nicholas Petreley. 


Page 36 





Outlook: PC! Express 
stands ready to remedy 
PCI bus bottlenecks, 
but for most users, 


those don’t exist yet. 
By Robert L. Mitchell 


S PC MICROPROCESSORS pass 
the 3-GHz clock-speed mark 
and Gigabit Ethernet begins 
its move onto the corporate 
desktop, it’s easy to forget 
that the typical expansion bus in desk- 
tops sold today still runs on ll-year-old 
technology. 
The 32-bit, 33-MHz Peripheral Com- 
ponent Interconnect (PCI) bus specifi- 


cation, which debuted in 1992, remains | 


the standard. 


online 
EMERGING #26 Pct supports an 
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133MB/Sec. 
(1Gbit/sec.), and that bandwidth must 
be shared among all devices on its 
multidrop bus. “I/O has moved at an 
anemic pace,” says Tom Bradicich, 
chief technology officer for IBM’s 
xSeries server line. 

An emerging I/O standard, PCI Ex- 
press, is about to speed things up. The 
current specification, supported by the 
PCI-SIG vendor consortium and pro- 
moted heavily by Intel Corp., succeeds 
PCI’s parallel bus design with a high- 
speed, point-to-point serial interconnect 
technology that Intel and others say 





PCI supports an | 
| inevitable, PCI Express’ near-term 

| prospects beyond high-end graphics 

| are less clear. IT managers say desk- 

| tops don’t yet need the extra I/O band- 


will be both faster and more reliable. It 


| will deliver an aggregate bandwidth 


ranging from 5Gbit/sec. (SOOMB/Ssec.) 
to 160Gbit/sec. (16GB/sec.). And be- 
cause it’s serial, the technology will 
work more efficiently with other 
emerging high-speed serial technolo- 
gies such as Serial ATA and InfiniBand. 


| It will also offer hot-plug and hot-swap 
| support and enable direct peer-to-peer 


communication between attached de- 

vices without involving the processor 

chip set (see diagram on page 26). 
But PCI-SIG isn’t just promoting 


| PCI Express as a desktop PCI expan- 
| sion bus replacement. The consortium 


is positioning it as a general-purpose 


| I/O technology for desktops, worksta- 
! tions and servers that will also speed 
internal chip-to-chip and graphics 

| adapters. Intel plans to release a PCI 

| Express chip set for servers, code- 
named Lindenhurst, early next year, 
with a PC chip set to quickly follow. 


On the desktop, the first PCI Express 


| add-in devices are likely to be graphics 


chips because the Accelerated Graph- 
ics Port (AGP) standard has run out of 


| gas, says Jim Pappas, director of tech- 


nology initiatives for Intel’s enterprise 


| platform group. “All new graphics de- 
| velopment [beyond AGP 8X] is being 


done on PCI Express,” he says, noting 
that the first graphics products could 
be available by early next year. 
Although vendors generally view a 
migration to serial 1/O technology as 


width. “People are not taxing the 


equipment they have,” says Scott New- 


ton, director of IT at Otis Spunkmeyer 


Inc. in San Leandro, Calif. 


PCI Express also represents a funda- 


| mental technology shift in that its 
| physical interfaces, which include 


desktop expansion slots, a new PC 
Card format (code-named Newcard) 
and Mini PCI Express slots, won’t ac- 
cept existing PCI devices. 
In the server world, where I/O band- 
Continued on page 26 
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HP. Standing at the forefront 
of the Linux revolution. 


> . 
7 Linux is all about open solutions. 
. And so is HP. So naturally, HP has 
emerged as the worldwide leader in 
Linux solutions. By focusing on the 
f 


re 
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key strength of Linux—open system 
environments—HP has been solving 
real business problems for more 
customers than anyone for 18 
quarters running. With HP hardware, 
software and over 4,000 Linux 
service experts ready to servé you, it's 
easy to see we're the Linux leader. 
And the ones you should call to make 
even your most business-critical 
applications easier to manage at 
lower costs. Demand more. 

Demand HP for Linux. 


To see what HP and Linux can do for 


your business, try our TCO calculator 
2 at www.hp.com/go/demandlinux. 
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@ TECH SPECS 


PCI Bandwidth 
By the Numbers 


Users comparing throughput numbers for PC! Express and 
PCI-X may find the experience confusing. That's because 
the nature of the two architectures makes apples-to-apples 
comparisons more difficult. 

Since Express is a serial technology, designers tend to 
describe bandwidth in bits per second. In contrast, PCI de- 
signers describe bandwidth in bytes per second. And even 
after calculating the bit/byte conversions, the bandwidth 
numbers aren't directly comparable because the ways in 
which the two technologies transport data are different. 

A PCI Express design transmits data over a set of two 
wires at a base signaling rate of 2.5Gbit/sec. - but only in 
one direction. A complete, full-duplex PCI Express “lane” 
consists of four wires, for an aggregate bandwidth of 
5Gbit/sec. Although PCI-X 2.0 adds bandwidth by increas- 


Lad bi) g ct} 


Server-based |/0 technologies are leading the charge 
in higher 1/0 bandwidth requirements. Bottlenecks 
could be compounded for storage and networking 
technologies, because more than one adapter may be 
used. On the desktop, graphics technologies with 
bandwidth requirements beyond the capacity of AGP 
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PCI 1.0 (32-bit) 


connection all the way up to an 8/16Gbit/sec. 32X design. 


ing the clock speed to double data rate (DDR) or quad data 
rate (QDR), system designers increase the bandwidth of a 
PCI Express slot by adding lanes. The range starts with a 





2.5/5Gbit/sec., one-lane or 1X (pronounced 


Continued from page 23 

width is more of an issue, PCI Express 
faces competition from enhanced ver- 
sions of the PCI bus standard, includ- 
ing the emerging, 2GB/sec. PCI-X 2.0, 
due out later this year. But vendors are 
split on whether to stay on the PCI-X 
road for backward compatibility or go 
directly to PCI Express. 

“We are focused on PCI-X 2.0 in the 
2004-2005 time frame. It provides im- 
provements in performance and back- 
ward compatibility for investment pro- 
tection,” says David Heisey, manager of | 
advanced technology at Hewlett-Pack- 
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| ard Co. IBM’s Bradicich agrees that the 


current PCI specification “does not 
comprehend the requirements for 


| servers in the enterprise.” 


But Jimmy Pike, director of server 


| architecture at Dell Computer Corp., 


says his company plans to pass on PCI- 


| X 2.0. “Everybody is already admitting 


that there is some reasonably short life 


| to the stuff they’re putting on PCI-X 


2.0. Your investment is better protect- 
ed with PCI Express,” he says. 

The issue may be decided by chip-set 
makers, since the use of PCI Express in- 
ternally makes deploying the technol- 


aOR ecm Hit 
as a general-purpose 
1/0 technology, could 
REAM UCM ae Cla 
yee 
communication 
technologies used for 
internal, chip-to-chip 
communications, as 
well as AGP for 
graphics 1/0 and PCI for 
yer Uy ime te gels 
hard disk drive 1/0, ATA 
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standard, called Serial 
ATA, and will access the 
AOR Rimming 
directly [see “Serial ATA 
Takes on SCSI,” 
QuickLink 36976]. 


Initially, desktop expansion slots are expected to range 
from 1X to 4X; servers will likely range from 4X to 8X; and 
graphics will run off 16X slots. 

So while PCI-X 2.0 supports up to 2GB/sec. of traffic in 





: either direction, a 4X Express slot supports 2GB, but only 
1GB/sec. in one direction. If the nature of the I/O is unidi- 
'_ rectional - say read-only access to a serial-attached stor- 


' age array - then a comparable PCI Express device would 


' need to be 8X. 


ogy for external I/O devices easier. 
“Whoever is providing the chip sets 
will determine whether PCI Express 


| will appear in systems,” predicts Bradi- 


cich. Intel dominates the desktop mar- 
ket. Santa Clara, Calif.-based Server- 
Works Inc. has the lion’s share of the 
server market, and it plans to focus on 
PCI-X 2.0 chip sets, says Virkam Kar- 
vat, director of marketing at the Broad- 
com Corp. subsidiary. He doesn’t ex- 
pect to see PCI Express in servers until 
2005, which is when Bradicich says IBM 
plans to include it in the xSeries line. 
Even then, PCI isn’t likely to go away 
anytime soon, which means IT will be 
managing yet anothe* I/O interface. 


Motherboard vf Invention 
While servers have adopted faster ver- 
sions of PCI, most desktop vendors 
have stayed with the original standard 
because, outside of graphics, desktops 
haven’t been I/O bound. 

Once users need the bandwidth, PCI 
Express could take off because Intel’s 
dominance in PC chip sets gives it the 
power to push PCI Express into the 
majority of desktops, says Bert McCo- 
mas, an analyst at InQuest Market Re- 
search in Higley, Ariz. “Since it’s on the 
motherboard, [vendors will] wire it up 
to a slot or two or three,” he says. 

Chuck Stancil, a technical staff mem- 
ber in HP’s personal systems group, 
agrees that desktops will eventually go 
to PCI Express. The question is when. 

PCI Express will gain a foothold in 





2004 by replacing the AGP graphics 
slot, enabling faster high-end graphics 
and streaming video applications on 
desktops. But its use for general-pur- 
pose I/O could be much further out. 

Nathan Brookwood, an analyst at In- 
sight64 in Saratoga, Calif., predicts that 
other high-performance I/O applica- 
tions will come once systems are 
equipped to take advantage of them. 
And one application is already here. 
“Gigabit Ethernet really can saturate a 
desktop PCI bus. To get around that, 
vendors are doing all sorts of funny, ad 
hoc solutions,” Brookwood says. 

Tony Pierce, chairman of PCI-SIG, 
says he expects Gigabit Ethernet will 
become standard in desktop systems 


| within 12 to 18 months, which could 


give PCI Express some momentum. 
The technology will likely phase in 
slowly, though. “There isn’t a com- 
pelling reason to ditch PCI slots, which 
are dirt cheap,” and replace them with 
PCI Express, says Stancil. And though 
vendors say PCI Express ultimately 
will be less expensive to deploy, the 
need to support both PCI and PCI Ex- 
press means that early hybrid machines 
are likely to be more costly. Without a 
compelling need, the complexity, com- 
patibility and cost issues could leave 
many organizations on the sidelines. B 


WHITHER INFINIBAND? 


The technology may have found its niche: 
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BOEHRINGER INGELHEIM GMBH is a huge com- 

pany, with $7.6 billion in revenue and 

32,000 employees in 60 nations. But the 

Ingelheim, Germany-based pharmaceuti- 
cal maker says Web-enabled reporting and financial 
applications are making the company as nimble as 
some of its smaller competitors when it comes to 
running financials. 

Like many large corporations, Boehringer is turn- 
ing to Web-based financial and analytical tools to 
rapidly consolidate and present key financial data on 
a daily, weekly or monthly basis. The company uses a 
Web-enabled version of SAP AG’s financial software, 
which allows it to drill down and draw conclusions 
based on the latest available financial and opera- 
tional data. 

“I want to be told where I stand and where we are 
heading,” says Boehringer’s chief financial officer, 
Holger Huels. “I like to [be able to] see negative 
trends and counter them as fast as possible.” 

More important, Boehringer is now able to close 
its books for most of its divisions just two hours after 
the close of business at the end of each month, and 
the technology is capable of providing a daily close 
as well, says Huels. 

That’s a big change for Boehringer’s accounting 
department, which previously had to wait for printed 
reports and then pick through them manually. The 
staff used a variety of applications for financial 
analysis, including several different versions of SSA 
Global Technologies Inc.’s BPCS analytical software, 
says Tony Ciancio, Boehringer’s director of account- 
ing. The closing process spanned three days each 
month, including the time required to reconcile data 
from the disparate systems. 

Ciancio says that with three and a half years worth 
of SAP data, his department can spot product sales 
trends and track expenses such as personnel costs, 
which are frequently reviewed and compared with 
net sales and other metrics. 

The pharmaceutical company went live on the 
SAP Financials SAP R/3 system a little more than a 





How Boehringer 
Gets Its Numbers 


The pharmaceutical maker has linked its supply chain 
and Ariba purchase-order systems to feed into its SAP 
Financials software, which dumps daily updates into an 
Oracle data warehouse. Using a Web browser, the staff 
can then access a suite of reporting tools that can oper- 
ate on the data to generate up-to-date financial reports. 
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year ago, after a 14-month rollout. Delivering the nec- 
essary information from Boehringer’s various trans- 
actional applications required some integration work 
between a hospital contract and rebate system li- 
censed from I-many Inc. and purchase-requisition 
software from Ariba Inc. that ties into SAP. 

Boehringer also had to write custom interfaces to 
link its SAP system to its Manugistics Inc. produc- 
tion and planning application, which required writ- 
ing custom interfaces in-house. 


Addressing Key Challenges 

The system uses Cognos Inc.’s Impromptu tool to re- 
port financial results from an Oracle data warehouse, 
which takes feeds from the SAP system each night, 
says Ciancio. Impromptu then creates standard in- 
come statements, cost center reporting and account- 
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level analysis. It also lets the accounting staff drill 
down to individual transactions. 

The biggest difficulty wasn’t integration, however; 
it was training staff to deal with the unique way the 
SAP application deals with pharmaceutical-specific 
accounting procedures as it reports revenue, says 
Ciancio. To address that problem, the company de- 
veloped job-based SAP training courses taught by 


| employees who were considered power users. 


“Each employee was assigned a series of training 
courses that were based upon the job roles that are 


| associated with their particular jobs. These courses 


are constantly being updated to reflect new trans- 
actions or processes,” says Ciancio. 

Despite the amount of time required for training, 
the system has made the accounting department 
much more productive, in part because the staff can 
now run up-to-date reports whenever needed, ac- 
cording to Ciancio. 

Boehringer also uses Ottawa-based Cognos’ Power- 
Play analysis tool, which permits multidimensional 
views of profit-and-loss data. “We can quickly ana- 
lyze revenue and expense information by switching 
the columnar and row data, and also bring in differ- 
ent dimensions or measures such as budget, prior 
year, drill-down and subsets of the data,” Ciancio says. 

Executives can access this data through Cognos 
Upfront, which securely delivers the reports via a 
browser over a WAN. The system also allows for 
ad hoc analyses. The most common of these are 


| transaction reviews that let users get fast summaries 


by customer account or product. 

Ciancio says the new system is running as effi- 
ciently as possible, but it has limitations. For in- 
stance, there is still a one-day lag in reporting be- 
cause some parts of the global organization are still 


| using disparate systems. 


Boehringer usually closes the books for four of its 
divisions in 12 hours, typically on the first business 
day of the month, Ciancio explains. However, three 
units aren’t on SAP and don’t use its general ledger. 
So those units have to close independently, and then 
the financial data is consolidated through Excel 
spreadsheets into Cognos Finance for reporting, 
which requires manual intervention and takes 
another day. 

“For many reports, this is acceptable. For others, 
we are challenged in evaluating options for getting 
real-time updates and reporting up to the minute to 
the Web,” Ciancio says. 

In addition, because not all the U.S. affiliates are 
on SAP, it’s impossible to report on some of the low- 
er-level data. Transactional data is available when 
needed from the non-SAP systems by downloading 
or doing queries and pulling it into an Oracle data 
warehouse or Excel for presentation in reports. “It is 
not fully automated, but it can be done,” Ciancio says. 

Currently, he’s evaluating interfacing financial data 
from the other Boehringer affiliates into the Cognos 
financials consolidation software. However, there are 
significant challenges because of the disparate gen- 
eral-ledger systems and reporting structures. 

But Boehringer plans to roll out the SAP system to 
most of its subsidiaries worldwide over the next few 
years, says Ciancio. Despite continuing struggles, the 
company is convinced that the savings from the SAP 
system have already exceeded expectations, he says. D 
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| ona SAN from application servers ei- 
| ther through software code residing on 
| each device or through intelligent stor- | 
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SAN and NAS systems have security 
problems. Here’s how to fix them. 
By Lucas Mearian 


TORAGE SYSTEMS weren't 
designed with security in 
mind. They started out 
as direct-attached, so if 
the host was secure, the 
storage was too. That’s all changed. 
Fibre Channel storage networks of- 


ten have multiple switches and IP gate- | 


ways, allowing access from a myriad of 
points. Compound this with poor work 
by systems administrators, new data 
security laws and recent high-profile 
cases of consumer information theft, 
and the need for improved storage se- 
curity becomes urgent. 

But if systems administrators can’t 
follow the basic steps of network stor- 
age security, better tools may not help. 
That’s part of the reason why encryp- 
tion is becoming the most widely 
adopted solution to the problem. 

Misconfiguring logical unit number 





(LUN) zones and not maintaining net- 
work-access lists are two major causes 
of unauthorized access to storage net- 
works, says Nancy Marrone, an analyst 
at The Enterprise Storage Group Inc. 
in Milford, Mass. Another common 
mistake administrators make is not 
bothering to change the device default 
password, according to Dennis Martin, 
an analyst at Evaluator Group Inc. in 
Greenwood Village, Colo. 

Beyond the human failings, Fibre 
Channel itself isn’t a secure protocol. 
Through it, application servers can see 


every device on a storage-area network | 


(SAN). Switch zoning and LUN mask- 
ing on a storage array can restrict ac- 
cess to devices on a SAN. Zoning seg- 
regates a network node either by hard 
wiring at the switch port or by creating 
access lists around device world wide 
names (WWN). Masking hides devices 


age controllers that permit only cer- 


ating system. 


According to Marrone, managing ac- | 


cess through LUN masking works on 
smaller SANs but becomes cumber- 
some on large SANs because of the ex- 


: . . | 
tensive configuration and maintenance. | 


Encryption Makes Gains 


Given these human errors and technol- 
ogy shortfalls, some users are turning 
to encryption. 

Michelle Butler, technical program 
manager for the National Center for 
Supercomputing Applications (NCSA) 
at the University of Illinois at Urbana- 
Champaign, manages three SANs — 
two with 60TB of capacity and one 
with 40TB. For her, security means 
that data needs to be encrypted, both 


tain LUNs to be seen by a host’s oper- | 





when it’s in transit and stored on a disk 


— or “at rest.” 

“There are some tools out there, but 
there are also some big gaping holes 
being left that so far don’t seem that 
interesting to hackers,” Butler says. 

Nevertheless, the NCSA plans to buy 
Brocade Communications Systems 
Inc.’s newly released Secure Fabric 
operating system and Fabric Manager 
software. Butler says the products will 
allow her storage administrators to 
create network management access- 
control lists using public-key infra- 
structure (PKI) technology and device 
access-control lists based on WWN. 
The software also offers authentication 
and encryption for control information 
or management data on SAN devices. 


Examples of the necessity of encryp- | 


tion abound. For instance, in January, a 
disk drive with 176,000 insurance poli- 
cies was stolen from Guelph, Ontario- 
based Co-operators Life Insurance Co. 

In response to events like this, Cali- 
fornia adopted a new law. SB 1386, 
which went into effect this month, re- 
quires any company that stores infor- 
mation about California residents to 
publicly divulge any breach of security 
affecting that data within 48 hours. 

In addition, Sen. Dianne Feinstein’s 
(D-Calif.) office is finalizing a federal 
version of the bill — called the Data- 
base Security Breach Notification Act 
— that would provide similar protec- 
tions to all U.S. residents. The only 
companies exempt from the California 
law and the proposed national legisla- 
tion are those that encrypt data at rest. 

Several newly released products ad- 
dress concerns posed by the recent leg- 
islation. In April, Mississauga, Ontario- 
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based Kasten Chase Applied Research 
Ltd. announced its Assurency Secure 
Networked Storage platform, agent- 
based software that provides a stripped- 
down PKI-based authentication and 
encryption for networked storage de- 
vices. The company estimates that a 
complete encryption system is gener- 
ally 7% to 10% of the cost of a SAN. 


Other Vendors 


Another company getting noticed is 
start-up appliance vendor Decru Inc. 
in Redwood City, Calif., which uses 
proprietary software to encrypt data 
on the storage array, but uses the IPsec 
protocol on the application server to 
encrypt data while in transit. Its Data- 
Fort security appliances work for for 
both SANs and network-attached 
(NAS) storage. 

Vormetric Inc. in Santa Clara, Calif., 
sells an appliance that encrypts data at 
the file level for NAS, file servers and 
tape archival systems but not at the 
block level for SANs. And NeoScale 
Systems Inc. in Milpitas, Calif., sells a 
product called CryptoStor FC, that 
provides wire-speed, policy-based en- 
cryption for SAN and NAS data. 

Although most currently available 
storage security technologies offer en- 
cryption, analysts say it’s important for 
users to make sure that the data is en- 
crypted both at rest and while being 
transmitted across networks. D 


HELP IS COMING 


Storage security standards are on the way 
Will they be enough? 
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TV for the 
21st Centu 





ORROWING supply 
chain automation con- 
cepts from the manu- 
facturing world, Public 
Broadcasting Service is re- 


| inventing the way it manages 
| and distributes television pro- 


grams. The overhaul, expected 
to be completed by 2006, will 
fundamentally change the 
dynamics and economics of 


| TV broadcasting, PBS says. 


Today, PBS distributes pro- 
grams to its 177 member sta- 


| tions as real-time video 
es 


FUTURE 
WATCH 


| conditions. Many of these 

| transmissions require some- 

| one at the station to be stand- 
| ing by to “catch” the trans- 

| mission to videotape or ona 

| video server. 


streams from satel- 
lites. A single show 
may be sent a dozen 
times, depending on 
the time zone, sched- 
uling and weather 


Indeed, the entire program- 


| ming supply chain — from 


the content producer to PBS 


| to local stations — is punctu- 
| ated by laborious, exacting 


and error-prone manual pro- 


| cedures. And it requires pun- 


ishingly expensive and spe- 
cialized broadcast equipment. 


| Every station has “master con- 


trol” equipment that can cost 
more than $10 million. 
But PBS aims to replace the 


| pricey gear with Intel-based 


computers; the real-time video 
feeds with store-and-forward, 
IP-based file transmissions; the 
physical handling of tapes with 
drag-and-drop mouse move- 
ments; and the labor-intensive 
quality control with software. 
Andre Mendes, chief tech- 
nology integration officer at 
PBS in Alexandria, Va., says 
the new technology will im- 
prove broadcast reliability and 


quality and enable new broad- 
cast services. It will save PBS 
and its member stations more 
than $100 million annually, 


| and it will allow the survival 


of some stations now on the 
brink of bankruptcy, he says. 


Progress at PBS 

PBS technicians may run 
through a videotaped show 
several times — once to check 


| for quality, again to insert 


V-chip information, again to 
add branding and logos, then 
again to add closed captioning 
or Spanish audio, and so on. At 
each step, they do a technical 
evaluation of the entire tape, 
so a one-hour show might in- 


| volve several hours of checks. 


These multiple steps are re- 
quired because PBS often gets 





show content in several pieces 
from the producer and in a va- 
riety of formats. 

Under the new scheme, PBS 
will either get all the content 
at once, as a data file transmit- 
ted over IP, or it will get the 


| individual components ac- 


companied by metadata that 
describe them and explain 
how they are to be combined. 
PBS technicians will then pro- 
duce the final show in one step. 
“What used to take six hours 
will now take one hour or less 
because we can do it faster 
than real time,” Mendes says. 
At the end of this single 
technical evaluation, the TV 
show will exist as ordinary 
digital data, subject to storage 
on commodity computer stor- 
age systems and transmission 
as discrete files over IP-based 


| networks, either terrestrial or 


satellite-based. Currently, a 


| tape has to be pulled from 
| storage, cached onto a video 


server, manually scheduled 
and then streamed in real time 
via satellite and caught on the 
station side each and every 
time a station wants it. 

“Now it will be dragged and 
dropped into a schedule, and 
it will be sent and caught auto- 
matically without any further 
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TV programs will flow from producers (manufacturers) to PBS (distributor) to local 
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metadata describing them will move as files over IP networks via satellite or the Internet. 
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manual labor,” Mendes says. 
The need for human inter- 
vention will go way down, and 
so will errors — no more tapes 
deteriorating from age, no 
more grabbing the wrong tape. 
Error-checking software and 
other techniques can preserve 
the integrity of every bit, 
just as with any data storage, 
Mendes says. 


Change at the Stations 
Local stations, used to getting 
pushed content only, will be 
able to pull programming over 
the network by clicking on 
items in menus. They will 

be able to use a Web browser 
to preview programs and, 
through a thin client, build 
daily and weekly schedules re- 
motely on a server at PBS. At 
the right time, software at PBS 
will package the entire sched- 
ule and send it to a server at 
the station by satellite over IP, 
all with no manual effort at 
either end. 

“Labor savings will be pret- 
ty substantial,” says Ron Kain, 
chief technology officer at 
WITF in Harrisburg, Pa. “And 
if you don’t have to devote so 
many resources to particular 
technical functions, you can 
repurpose those resources to 
produce more local content, 
where the real value is.” 

PBS has several stations try- 
ing out these concepts now, 
and it hopes to have the initial 
stations in production by July 
2004. “We are transforming 
the broadcast world into an 
IP world,” Mendes says. “Our 
complicated delivery environ- 
ment comes down to a supply 
chain management problem, 
with just-in-time inventory 
and all the things we have 
been hearing for years from 
manufacturing.” 

“Because of advances in 
IT, PBS can really begin to 
adopt these supply chain prin- 
ciples,” says Jim Wollack, a 
senior manager at Accenture 
Ltd. “Many industries will 
adopt these standards-based 
platforms and begin to do simi- 
lar things.” 

“These concepts will proba- 
bly be widely adopted world- 
wide because the savings and 
quality improvements are so 
compelling,” Mendes says. D 
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Arrogance Undermines 
Best Antivirus Defense 


Overconfidence and a series of mis- 
steps allow a virus through the corpo- 
rate defenses. By Vince Tuesday 


"VE ALWAYS BEEN PROUD OF 

my security team’s anti- 

virus defense and scathing 

in my criticism of other 
companies that have had virus 
problems, believing as I did 
that any organization can 
eliminate virus problems by 
using a simple, layered de- 
fense like ours. 

We deploy antivirus soft- 
ware on our desktops, on our 
file, Web and e-mail 
servers, and at the 
e-mail and Web gate- 
ways. We even use an 
outsourced e-mail 
scanning service. We 
use a range of ven- 
dors’ products and 
update signatures daily. I’m 
proud of that system. 

But then, pride goes before 
the fall. 

It started when the PC sup- 
port team reported that a user 
said he was receiving a weird 
e-mail message. An antivirus 
software pop-up had been re- 
porting a virus on the user’s 
machine since Thursday. Now 


it was Monday, and he was just | 


calling it in. 

This wasn’t good. We have 
centralized desktop virus re- 
porting, so we should have 
known about the problem 
right away and informed the 
user, not the other way 
around. What went wrong? 

The central antivirus server 
had been decommissioned for 


SECURITY 
MANAGER'S 
JOURNAL 


oer 


| gateway protection, this per- 
| son presumed we'd be OK 
| without the server for a few 
| days. Then those few days 
| stretched into weeks. 
Stupidly, I'd taken the com- 
| plete lack of alerts from this 
server to mean that there were 
no problems to report, when 
| in fact it indicated a failure in 
our reporting infrastructure. 
We managed to track the in- 
fection to a new 
user whose machine 
didn’t have antivirus 
software. This flies 
in the face of our an- 
tivirus policy. How 
could it have hap- 
pened? 
The support group’s process 
for new builds is to install 
| Windows and the applications 
and then push the antivirus 
| configuration from the central 
antivirus server — which was 
down for rebuilding 
| Not only did we not have 
| central reporting, but also we 
| had no protection on new ma- 
| chines rolled out during the 
two weeks the machine was 
down. What caused me to 
| miss this? In a word, compla- 
| cency. We hadn’t had a virus 


an upgrade from Windows NT | 


4 to Windows 2000, but the 
new build had problems and 
now no central server was on- 
line. Instead of getting the 
new server working and then 
turning off the old one, some- 
one decided it would be 
quicker to just rebuild the old 
one. With decent server and 


| Unprotected and 

| infected desktops 

| kept reinfecting files 

_ that we had scanned 

| and cleaned. It was 
like bailing water 
from the Titanic. 








had lowered our guard. 
Fortunately, the previously 


| deployed client software was 


configured to download up- 
dates from the Internet as well 


| as the central server, so at 
least the older desktop ma- 


chines were up to date with 
antivirus signatures. 


More Trouble 


| : " : 
| But it gets worse. This user 


also managed to infect an 
unauthorized file server in the 
development group. Luckily 
the virus was weak, only af- 
fecting .exe files and spread- 
ing by way of shared files. 

We attempted to purge the 
virus from that server, but our 
antivirus software kept crash- 
ing before we could finish 
scanning the machine. Mean- 
while, unprotected and infect- 
ed desktops kept reinfecting 
files that we had scanned and 
cleaned. It was like bailing wa- 
ter from the Titanic. So I dis- 
abled the network card on the 
file server to give us some 


| time to solve the problem. 


My team downloaded a 


| more recent, compatible ver- 


sion of the antivirus software 


| and installed it on the server. 


The scan then worked proper- 


| ly and we re-enabled the file 
server. 


By now it was the middle of 


| the night, but everything was 
outbreak for two years, and we | 
| software distribution job was 


just about back to normal. A 


rolling out the client software 
to all recently built PCs, and 
rebuilding the central anti- 
virus server was a top priority. 
But I received my biggest 


| shock a few days later, after a 


few late nights cleaning up 
and making sure everything 
was properly in place. 

A PC help desk staffer sub- 
scribes to Sophos PLC’s anti- 
virus e-newsletter and for- 
wards it each week to every- 
one involved in antivirus ef- 
forts. This week, when I 








opened the newsletter, I saw 
my company's name in the top 
story: “[My company’s name] 
hit by .exe-infecting virus.” 

My world went into pin- 
sharp focus, and I could feel 
time slow as I came to a stark 
realization: This was the end 
of my career. My company 
would excuse a minor virus 
incident, but if the press got 
wind of it, I would be hung out 
to dry. How could the news 
have gotten out? Why would 
Sophos publish such a story? 
We certainly wouldn’t be buy- 
ing their products again, I 
fumed, and I'd make it my sole 
goal to ruin their life as they 
had ruined mine. 

But when I started search- 
ing for the story on the 
Sophos Web site to get more 
details, I came up empty. Then 
it hit me. I called the PC help 


| desk staffer and politely asked 


if he had edited the newsletter 
before forwarding it. “Oh yes, 
I’m glad someone actually 
reads it. I added that myself, 


| since it was the big antivirus 
| news for us.” 


That added insult to injury. 


| Not only had I stopped paying 


attention to the fundamentals 
of my job, allowing a virus to 
slip in, but I'd also fallen for 


| what I should have realized 


was an obviously phony 
e-mail message. 
I’ve learned a valuable les- 


son about always checking 
| that the basics are working 
| properly. I just hope that I’ve 


suffered enough that the gods 


| leave me alone — at least for a 
| week or two. DB 


WHAT DO YOU THINK? 


This week's journal is written by a real 
security manager, “Vince Tuesday,” whose 
name and employer have been disguised 
for obvious reasons. Contact him at vince. 
tuesday@hushmail.com, or join the dis- 
cussion in our forum: QuickLink a1590 


To find a complete archive of our 
Security Manager's Journals, go online to 
@ computerworld.com/secjournal 


| 
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TAU 


the CEO,” is hardly a shocker, 
but I know of many organiza- 


in IT security, human re- 
sources or other areas of man- 
agement. If you'll excuse me, | 
must go and make sure we are 
following Rule 16, “Don't be 
set up by backup.” 

~ Vince Tuesday 


NAI Debuts Latest 
IntruShield Model 
Network Associates Inc. (NAI) 
in Santa Ciara, Calif., has an- 
nounced the IntruShield 1200, 
a 1U (1U=1.75 in.) rack-mount- 


but it sports two 10/100 Ether- 
net ports instead of four. Avail- 
able August 15, the 1200 will 
retail for $10,995. 


IntruShield 1200+ 
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Documentum Adds | 
To eRoom App 


Documentum Inc. has added new 
features, including project and 
program management capabilities, 
to its Room 7 Web-based collab- 
oration application. Multilevel se- 
curity and improved administrator 
management have also been 
added, according to the company. 
The application is available now, 
with pricing to be announced. 


SMC Rolls Out 
802.11 Hardware 


SMC Networks Inc. last week an- 
nounced EliteConnect products 
that conform to 802.11a, b and g 
connectivity standards. Available 
in August, the EliteConnect Uni- 


versal 2.4/5-GHz Wireless Access | 


Point will start at $499.99, and 
the EliteConnect Universal 2.4/ 
5-GHz Wireless CardBus Adapter 
will start at $89.99. 


3ware Updates 
RAID Controllers 


Sware Inc. announced last week 
the availability of its second-gen- 
eration Serial ATA RAID con- 


trollers, the Escalade 8506 series, | 


and its sixth-generation Parallel 
RAID controllers, the Escalade 
7506 series. The Escalade series 
now features 64-bit/66-MHz Pe- 
ripheral Component Interconnect 
bus support and four-, eight- and 
12-port configurations. 


Brightmail Unveils 
Anti-Spam 5.0 


Brightmail Inc. unveiled Bright- 
mail Anti-Spam 5.0 with Bright- 
Sig 2 and URL rules. The new 
antispam rule-generation tech- 
nologies eliminate the random- 
ness used by junk-mail senders to 
thwart existing antispam methods, 
said Brightmail. Brightmail Anti- 


Spam can be obtained as a hosted 


service, starting at about $1,499 
for 49 users and $14 per user for 
1,000 seats. It will also be avail- 
able as a stand-alone application; 
pricing hasn’t been announced. 


NICHOLAS PETRELEY 


Another Front in 
~ The Standards Wars 


T’S TIME for yet another standards rant. This 
time, I have in my sights a far more subtle villain 
than programs that refuse to run properly if 


you're not running the right version of Windows. 


It’s more subtle than the nightmare of reaching 
yet another Web site that refuses to work unless you’re 
using Microsoft Internet Explorer. I’m talking about 
the CPU in your computer, where all the real comput- 


ing action takes place. 


You’re probably unaware that you have a CPU com- 


patibility problem, because 
in most cases, nothing ever 
crashes or fails to run 
properly due to a lack of 
CPU standards. The com- 
patibility issue rears its 
head in terms of perfor- 
mance; what you may fail 
to notice is that your pro- 
grams don’t perform as 
well as they could. 

But you would notice if 
you did as I did a few 
months ago and started us- 
ing a Linux flavor called 
Gentoo Linux, which you 
can find at www.gentoo.org. 

When you install a Windows appli- 
cation, it’s precompiled and ready to 
run. Almost every software package 
available for Gentoo comes in the form 
of source code, not a precompiled exe- 
cutable file. Gentoo users build usable 
applications from the source code. 

If the application is a large one, such 
as the OpenOffice productivity suite, 
this takes a lot of time. It might take a 
day or two before the application is in- 
stalled and running. Power users often 
think it’s worth the wait, because the 
completed application is usually faster 
and sometimes more stable. You end 
up with faster software because you 
can customize the Gentoo packaging 





system to compile your ap- 
plications using the opti- 
mization settings of your 
choice. 

My workstation is based 
on the Athlon XP proces- 
sor, so I’ve customized my 
Gentoo settings to install 
all software by building it 
with various AMD Athlon 
XP optimizations, in addi- 
tion to other, more generic 
tweaks that apply to most 
other processors. 

The result is a double- 
edged sword. On one hand, 

all my applications run faster and 


| more smoothly. On the other hand, all 


the software I’ve installed on my sys- 
tem will work only on computers with 
an Athlon XP processor. The reason is 


| simple. The compiler sees my opti- 


mization settings and generates ma- 
chine instructions designed specifical- 
ly for the Athlon XP processors. 

If I copy the compiled versions of 
the programs to an Intel Pentium 4 
system, the programs won't run. A 
Pentium 4 is designed in such a way 
that it doesn’t understand some of the 
instructions for an Athlon XP. 

Chances are extremely good that 
you don’t have to worry about such 
things. If you’re a typical user, it’s like- 





ly that all the software on your system 
has been compiled to run on any x86- 
compatible processor. This is true for 
most power users and even most pro- 
grammers. Most of your software is 
compiled to run equally well on a 486, 
Pentium, Pentium II, Pentium III, Pen- 
tium 4, K6, Athlon, Athlon XP, Athlon 
MP or any of several other alternative 
x86-compatible systems. 

But in the interest of accuracy, I 
must point out that there are excep- 
tions, which brings me to my point. 

A graphics card driver may detect 
the presence of an AMD processor 
and use its special 3DNow instruc- 
tions. But in general, some of the best 
features of every system are going 

to waste. 

It really is an old story. The wasted 
power results from the fact that com- 
panies are motivated to differentiate 
and add value to their products in 
order to best their competitors. You 
can’t solve the problem by eliminating 
competition. 

And although I desire more stan- 
dards and conformity, I’m glad I can 
choose among different brands and 
models of processors. 

If AMD didn’t exist, Pentium 4s 
wouldn’t be as powerful as they are. 
But you can create standards that en- 
sure the players all compete according 
to the same rules. The other obvious 
solutions are too costly (a company 
could deliver multiple custom exe- 
cutables on every CD) or complex (the 
Gentoo self-compile approach). 

The only practical (but unlikely) 
solution that comes to mind is an ef- 
fective processor-standards group 
that companies such as AMD and Intel 
would respect and obey. What do 
you think? D 
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Don’t Kid Yourself | Thrift Thrives 

IT projects fail largely because of On Low Tech And You 
| 
| 
| 


| 
“delusional optimism,” says Dan Loval- Washington Federal is doing just | " Oracle’s effort to take over PeopleSoft 
| 


OPINION 
Oracle, PeopleSoft 


lo in this month’s Harvard Business Re- underscores the need for CIOs to protect 
their own interests in software contracts, 
says columnist Bart Perkins. Page 44 


fine financially — with a decidedly 
low-tech approach. Typewriters, 
yes. Voice mail, no. Page 40 


view, but IT managers can get a clearer 
picture of actual project risk. Page 42 
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VEN IN THE economic doldrums, 

CIOs are planning for better 

days. “We know we can’t do it 

now, but we can plan now so 

when things get better we’re 

ready to go,” says Tony Romero, 
CIO at Mitsubishi Motor Sales of America 
Inc. in Cypress, Calif. “If you wait for 
things to get better, it can take you a year to 
plan, and you've wasted a year.” 

The plans that CIOs are drawing up fo- 
cus on wireless technologies, Web portals, 
CRM, ERP, infrastructure improvements, 
skills upgrades and industry-specific busi- 
ness projects. Projects to upgrade security 
and meet regulatory requirements, which 
have gone forward despite the economy, 
will continue to be high priorities as well 
(see chart, next page). 

Better days may not be far off, says Bar- 
bara Gomolski, who tracks IT spending at 
Gartner Inc. “We're starting to see some 
signs of recovery,” she says. “There’s a lot of 
pent-up demand.” She expects to see some 
growth in IT spending by early next year. 

Even when that happens, no one antici- 
pates a return to the free-spending atmos- 
phere of the 1990s. “I expect that if/when 
an increase in IT spending comes, it will be 
conservative,’ Greg Tranter, CIO at A 
Allmerica Financial Corp. in Worcester, OCCUR ons (Cas Can Cue MIEt Grete mC Ruri nUriieec air ume mrc ier Css 
Mass. “Our strategy is to exercise focused 
discipline around technology spending, re- 
gardless of market conditions. 

“I’m afraid this is the way of life forever- 


more,” agrees Dennis Klinger, vice presi- 
dent for information management at Flori- 
da Power & Light Co. (FP&L) in Juno 
Beach. “We’re going to have to squeeze 
every penny.” 

Wish Lists 

But that’s not stopping the flow of ideas. 


Romero has used the downturn to complete . 
an IT assessment and develop a four-year ClOs are using the 


road map with “big steps and baby steps” 


depending on economic conditions. He’ll economic lull to figure out 

begin with a suppliers’ portal for manufac- . 7 

Mating single Web pomtorenty fora. | Whatinvestments they'll make 

tsubishi to collaborate with vendors. Then, when the economy picks up 

he’ll tackle new financial systems as the a 

first module in an ERP system for manuf By Kathleen Melymuka oe as = 


turing. “How fast we go depends on the size 
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of the recovery,” he says. For example, 
the back end of the supply portal may 
be connected at once or in stages, de- 
pending on how funds are flowing. 

“Portals are very hot,” says Gomol- 
ski. “Many big companies have accu- 
mulated all these different Web sites, 
and they’re not using the same lan- 
guage, and they’re not integrated,” she | 
explains. “They’re trying to get a single 
[contact] point.” 

Fran Dramis’ wish list spotlights 
CRM and infrastructure. “Upfront is 
customer care: customer acquisition, 
continuing to integrate our databases 
and products to help in the sales cy- 
cle,” says the CIO at BellSouth Corp. in 
Atlanta. “Also, we would accelerate the 
rollout of new IP capabilities — the 
support system that helps us to run 
new networks. That would be 1A and 
1B” on his priority list, he says. 

Dramis adds that the economic 
slowdown gave the business and IT 
time to step back and recalibrate. “The 
reflective phase gave the business a 
chance to reassess its priorities, and 
that gave us a chance to update the 
road map, so we have a whole set of 
plans about what we would attack,” he 
explains. As a result, he says, “when 
things loosen up the road map will 
flow even quicker.” 


Revamped Projects 

Tom Murphy is already implementing 
his wish list. After the bottom fell out 
of the cruise business late in 2000, 
Royal Caribbean Cruises Ltd. in Miami 
mothballed a massive IT initiative 
called Leapfrog. The billion-dollar 
plan included CRM, supply chain and 
human resources projects as well as 
enhancements to on-ship technology. 
Now, CIO Murphy is working on a 
more conservative version called 
Jumpstart. 

“Our industry had a speedy recov- 
ery, and we retracked our original 
Project Leapfrog into Jumpstart and 
defined a new strategy to take a more 
fiscally prudent approach,” he says. 

That approach targets the same gen- 
eral goals but breaks the execution into 
smaller, incremental chunks. It includes 
maintaining the current IT head count, 
supplemented by external resources 
such as San Diego-based outsourcer 
Science Applications International 
Corp., which Murphy has engaged to 
help with a Web site rebuild and the 
introduction of Java into the IT shop. 
He’s also strictly prioritizing project 
work, enhancements and support. 

Murphy has built an 18-month project 
pipeline including the Web overhaul, 





major database and data warehousing 
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The reflective phase gave 
the business a chance to 
reassess its priorities, and 


that gave us a chance to update the 
road map, so we have a whole set of 
plans about what we would attack. 


FRAN DRAMIS, Ci0, BELLSOUTH CORP. 


work and implementation of middle- 
ware for both ships and shore. “By im- 
plementing middleware, we're taking a 
component approach rather than the 
big-bang approach of Leapfrog,” he 
says. That way, “the company is in posi- 
tion to increase or decrease the spigot” 
depending on business conditions. 

Middleware and integration are high 
priorities for CIOs, Gomolski says. 
“They’re trying to take advantage of all 
the technology they have and get it all 
working together.” 

Klinger’s wish list at FP&L includes 
upgrading skills. “Right now, we’re 
rifle-shooting — doing just-in-time 
training — and I would certainly want 
to grow training” if the budget im- 
proves, he says. He’d also like to use 
mobile and wireless technologies to 


enable technicians and engineers any- 


where in a plant to get or report vital 
information. 

Klinger is working with his business 
executives on a formal strategic plan 
for IT. “IT capital dollars compete 





with plant and marketing dollars, so 
we try to make it clear what the IT in- 
vestment opportunity is, and that gets 
balanced against the overall opportuni- 


| ties,” he explains. 


Securing Compliance 
After a slowdown in 2002, the IT shop 
at Documentum Inc. in Pleasanton, 
Calif., is going full steam this year, says 
CIO George Lin. One of his top priori- 
ties is harnessing IT to help the com- 
pany comply with the Sarbanes-Oxley 
Act, a federal law that seeks to ensure 
the reliability of the financial state- 
ments of public companies. “This is 
the most urgent project all public com- 
panies have to work on,” he says. 
There’s also a major renovation of 


| the customer services Web site and 
| major enhancements to the PeopleSoft 
|} Inc. ERP software, including a human 


resources module and financial up- 
grades. Lin says he has also been work- 
ing on security and wireless technolo- 
gies and leveraging IT to integrate 


Spending Plans: 
Now and Later 


What are your 
priorities for 2003? 


BASE: Survey of 620 ClOs 


1. Security enhancement tools 

2. Application integration/ 
middleware/messaging 

3. Enterprise portal deployment 

4. Network infrastructure/ 
management tools 

5. Internal e-enabling infrastructure 

6. Web design, development 
and content management tools 

7. Storage management 

8. CRM 

9. Web services (internal and 
external) 

10. XML-based processes/ 
messaging 


SOURCE: GARTNER INC.. STAMFORD. 
CONN., JANUARY 2003 
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What are the first software 
projects you'll fund when 
the economy improves? 
20% 
20% 
16% 
16% 
14% 
14% 


CRM 

Security 

ERP 

Storage 

Application integration 
Corporate portals 

Supply chain management 


Business intelligence/data 
warehousing 


Analytic applications 


SOURCE: MERRILL LYNCH & CO., NEW YORK, 
FEBRUARY 2003 
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acquired companies quickly. 

One of the challenges for CIOs is 
keeping business managers enthusias- 
tic about IT at a time when low bud- 
gets mean low visibility for IT. “That’s 
very difficult,” Romero says. He’s kept 
the business interested by maintaining 
the most business-critical projects — 
call center systems for dealers — while 
delivering other small but appreciated 
projects such as a system to consoli- 
date divisional financial reporting and 
analysis. “Those are things we can do 
with the resources in hand,” he ex- 
plains. “We look for quick hits to main- 
tain awareness that IT is still here. And 
we keep the infrastructure going.” 

Allmerica’s Tranter has used the lull 
to focus on in-house work such as im- 
plementing best practices in project 
management, service-level manage- 
ment, root-cause analysis, metrics, 
skills management and vendor man- 
agement. “These initiatives got our 
staff, and consequently our leadership, 
charged up,” he says. 

But as much as anything, the process 
of refining the IT wish list keeps the 
business engaged. “We’ve got pent-up 
demand,” Dramis says. “In a down cy- 
cle, you really have to prioritize proj- 
ects, and the business helps, so we get 
even more business engagement than 
when money flows more easily.” 

Murphy agrees: “Now that we have 
the execs doing the IT priorities, be- 
lieve me, they are very engaged!” 

But although CIOs are eager to move 
ahead, some say the downturn has 
forced some needed introspection. 

“The IT spending slowdown is a gift 
for CIOs,” Lin says. “It helps us realize 
that sometimes the right thing to do is 
take a couple steps back and look at 
big picture.” 

In the boom days, he says, CIOs of- 
ten lacked that perspective and the re- 
sult was siloed projects with too little 
return on investment. “The slowdown 
taught CIOs to figure out the enter- 
prise way to work the business issues; 
to help the business in a cross-func- 
tional, holistic way, not a siloed way,” 
he says. “CIOs should use the slow- 
down to really build our input into the 
business. That will prepare us for the 
coming ramp-up.” D 





Melymuka is a Computerworld 
contributing writer. Contact her at 
kmelymuka@yahoo.com. 
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Open for 
Inspection 


The New York City 
Department of Build- 
ings putits bulky old 
database of construc- 
tion documents on the 
Web, where it’s avail- 
able anytime, any- 
where. By Julia King 


LONG LINES are a way of 

life most everywhere in 

New York, but not any- 

more at the New York City 
Department of Buildings. 

Since January, architects, engineers 
and other professionals have been able 
to go online to get the code, occupancy 
and safety information they need in or- 
der to work on the 900,000 buildings 
under the city’s jurisdiction. Before, 
they would have to queue up for hours 
at one of five borough offices outfitted 








with green-screen terminals linked to a 
17-year-old proprietary mainframe sys- 
tem. The process could take hours and 
hold up building projects for days or 


| even weeks. 


“At every step, from the beginning to 
the end of a project, we need to have 
constant access to city information, 
and the only way to get it was to make 


| atrip to the borough office,” says 
| Edouard Paknia, an engineer in train- 


ing at Advanced Professional Engi- 
neering PC in Brooklyn. 

Now Paknia and others can get the 
same data online in minutes, anytime, 
day or night. “Time is money, and that’s 
made a real difference,” he says. 

What's remarkable from an IT and a 
budgetary standpoint is how easy and 
relatively cheap it was for the city to 
make users’ lives so much easier, says 
Matti Friedman, the department’s di- 


| rector of application development. 


The Buildings Department used 
Software AG’s Entire X, a set of XML 
integration tools, to put a software- 
based “wrapper” around all of its Ad- 


| abas data and programs written in 


Software AG’s Natural programming 
language. This allowed mainframe data 
to be passed to the new Java-based 
Web system. “What the Entire X pack- 
age does is take existing Natural code 
and repackage it in different formats,” 


| Friedman explains. 


As for resources, it took two develop- 
ers — a Java developer and an Entire X 
expert, both from the city’s central De- 
partment of Information, Technology 


| and Telecommunications — less than 
| six months to come up with a proof-of- 
| concept Web site that recorded 10,800 
| hits on its first day last December. Today 
| the site is recording 135,000 hits daily. 


What’s more, the Buildings Depart- 


| ment’s IT staff of experienced Natural 


developers can maintain the depart- 


| ment’s legacy programs, something 
| that Friedman calls a “tremendous sav- 
| ings. We didn’t have to throw every- 


thing out and start from scratch. We 

could use existing business logic, plus | 

make a nice front end and put itallon | 

the Web,” he says. | 
Another benefit Friedman 

anticipates is an improve- 

ment in internal employee 

efficiency, thanks to a separate 


| upgrade that will make the 
| Adabas database SQL-com- 


pliant and thus available to 
other PC-based applications. 


| This will make mainframe 


data directly available to em- 
ployees, who now need to 
have the IT staff translate it 
into a format that they can 


didn’t have to throw 
everything out and 
start from scratch.” 
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New York City 
De ment of 
ildings 
MISSION: To “ensure the safe and lawful 


use of buildings and properties by enforcing 
the building code” and zoning rules. 


BUDGET (FISCAL 2002). 


= Expenditures: $56.23 million 
= Revenue: $77.5 million 


TASKS: Reviews and approves plans for 
proposed construction, alteration and use 
of buildings. Inspects construction work in 
progress and performs final inspections for 
occupancy permits. Investigates com- 
plaints regarding the structural integrity of 
and builders’ pavement plans. 


SOURCE: WWW NYC. GOV/HTML/DO8/HOME HTML 


| download into various reporting and 


spreadsheet programs. 
In the corporate arena, Web-enabling 


| mainframe systems is neither new nor 


rocket science. “The real novelty here 
is that this is a big municipal user,” 
notes Uttam Narsu, an analyst at Giga 
Information Group Inc. 

“At government agencies at the city, 
state and federal levels, there is so 
much siloed information locked up in a 
variety of systems. But they don’t have 
the luxury that big corporations have” 


| to scrap systems and buy expensive 


new ones, Narsu says. “They are essen- 
tially stuck with what they’ve got, and 


| they have to figure out ways to lever- 


age that information.” 
Friedman says the next step for the 


| Web site is enabling users to file per- 
| mit applications, plans and other doc- 
| uments with the department. This 

| would require the ability to accept 
computer-aided design and graphics 


files. The city would also need to es- 


| tablish a means of collecting filing fees 
| electronically or processing credit card 
| payments, which it’s expected to do in 


the next few months, Friedman says. 
The Buildings Department is also 
studying long-term strate- 
gies, such as using Adabas 
as a repository and integrat- 
ing other third-party soft- 
ware applications, or replac- 
ing the entire system with 
a commercial Web-based 
system. 
In the meantime, Friedman 
“We says, “just being able to take 
a legacy system and with 
minimal effort put it on the 
Web is tremendous.” D 
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Thrift Thrives 
On Low Tech 


Ultraefficient Washington 
Federal does just fine with- 
out the latest technologies. 


T’S ONE OF THE WEST'S fastest-growing sav- 
ings and loans, with 119 branches in eight 
states and $7.4 billion in assets. Yet it owns 
no automated teller machines. It has no 
online banking. No voice mail. No “press 3” 
automated phone system. Typewriters still 
sit on desks at headquarters, and there are 
only five Internet-connected PCs. 

So, how does this business survive? 

Superbly, says Washington Federal Savings and 
Loan Association in Seattle, which last year reported 
record earnings of $144 million, a 27% increase over 
fiscal 2001. At a time when critics are questioning 
the value of IT, Washington Federal seems to be 
proving those contrarians right: Less is more. 


Washington Federal keeps its technology spending | 


down to 1% of its annual operating expenses and has 
a 1980s-style IT department of seven. 

“We say, ‘Don’t spend a dollar when a dime will 
do,” says Roy M. Whitehead, president and CEO. 

Whitehead boasts that Washington Federal has the 
best efficiency ratio in the thrift industry: 18%, com- 
pared with the industry average of 45%. That means 
that while other thrifts spend 45 cents to produce $1 
of net revenue, Washington Federal spends 18 cents 
(including the 1 cent for IT) to earn a buck. 

“We measure any investment — whether in peo- 
ple, in brick and mortar, or technology — relative to 
the impact it will have on our efficiency ratio,” says 
Whitehead. 


‘High-Touch’ Service 

One reason Washington Federal can spend so little 
on IT is that it has a simple, low-tech collection of 
services: passbook savings, certificates of deposit, 
money market accounts, interest-bearing checking 
accounts and fixed-rate home mortgages. 

“We use technology when it allows us to deliver a 
higher level of customer service more profitably,” 
Whitehead says. “However, our customer base is one 
that is older and probably longing for ‘high-touch’ 
levels of service that they can’t get at other institu- 
tions, which seem focused on delivering product at 
the lowest per-unit transaction cost.” 


| be great, 





So Washington Federal employees answer their 


| own phones. And if they don’t use typewriters, they 


use the WordPad applet that comes free with Micro- 
soft Windows 98. The company’s Web site provides 
customer and investor information, with a single 


| e-mail contact for inquiries. 


“The whole concept of not having a high-tech en- 
vironment isn’t particularly new, but it seems [Wash 
ington Federal has] raised it to an art form,” says 
Jerry Silva, an analyst at Needham, Mass.-based 
TowerGroup. 

So, what does Washington Federal’s IT chief think 
of this low-tech operation? “You really have to let go 
of anything that’s ‘cool’ or ‘gee whiz’ or ‘would this 
’” says Terry O. Permenter, manager of in- 
formation systems. “And you have to say, ‘What real- 
ly makes sense for the bottom line?’ Sometimes that’s 
frustrating, because that ‘cool, gee-whiz’ stuff is pret- 
ty fun. The discipline of our business model is pretty 


| powerful.” Permenter started working at the thrift as 


a programmer 21] years ago. “I am very proud of 
Washington Federal,” he says. “We are so off-the- 
chart that people have a hard time believing it.” 

Whitehead acknowledges that technology pro- 
duces efficiencies and increases productivity in 
many environments; he joined Washington Federal 
in 1998 from high-tech Wells Fargo & Co. 

“On the other hand, we have a very simple busi- 
ness, and the key to our profitability is our efficien- 
cy,” he says. “A simple business requires a simple 
technology platform.” 

Sometimes, however, even Washington Federal has 


| to upgrade its systems. Two years ago, the company 


decided that it needed to upgrade the teller hardware 
and software that’s connected to its 20-year-old 
core banking system. 
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Washington Federal 
Savings 


Why? Because it was no longer possible to find 
parts to repair the old teller PCs, which used the 
ancient Z80 chip and CP/M operating system. The 
last units Washington Federal had acquired were 
bought by the pound as scrap and refurbished, 
Permenter explains. 

So in November 2001, the company installed a new 
teller and branch-automation system from Bench- 
mark Data Corp. in Roswell, Ga., which was willing 
to scale down and simplify the system to meet Wash- 
ington Federal’s need for speedy customer service. 


Homegrown Cobol Rules 

Washington Federal didn’t want to replace its core 
banking system, though, so it was pleased to find that 
the Benchmark system was compatible with it, re- 
calls Permenter. The banking system runs on a 
Hewlett-Packard Co. fault-tolerant S76 server with 
homegrown code that was written in Cobol in the 
late 1970s. “Things like Java and XML get a lot of 
press, but most of the world’s real business still hap- 
pens in Cobol, and I suspect it will after I retire,” 
Permeniter says. 

When it comes to advanced technology such as 
the automated credit-scoring models used by other 
financial institutions, Whitehead remains suspicious. 
He notes that Washington Federal’s mortgage delin- 
quency rate is 0.77%, compared with the industry 
average of 3.4%. 

“Looking at those numbers causes me to wonder 
over the long haul how effective that technology will 
be in managing risk,” says Whitehead. “Technology 
is a wonderful thing if it works. But if it doesn’t work 
and it’s widely applied in society or an industry, it 
can lead us all right off a cliff.” » 





Winkler is a freelance writer in Seattle. She can be 
reached at winklerconnie@yahoo.com. 
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Dont Kid 
Yourself 


IT projects fail be- 
cause managers kid 
themselves from the 
start about their 
chances of success. 
That’s the message 
DAN LOVALLO and 
Daniel Kahneman de- 
liver in the July issue 
of Harvard Business 
Review. When fore- 


a risky project, they say, decision-makers 
become swept up by a “delusional opti- 
mism.” Rather than rationally weighing 
pluses and minuses, they “spin scenarios 
of success” while overlooking risks, ac- 
cording to Lovallo and Kahneman. 

Lovallo, a senior lecturer at the Aus- 
tralian Graduate School of Management 
at the University of New South Wales, 
told Kathleen Melymuka how IT leaders 
can curb their enthusiasm and inject 
realism into project forecasting. 


What makes IT leaders overly optimistic 
about a project’s chance of success? Peo- 
ple’s natural inclination is to be opti- 
mistic. One of the most ubiquitous 
findings in social psychology is the 
above-average effect. When people are 
asked how they compare to peers in all 
kinds of areas, almost nobody thinks 
they’re below the mean, which, of 
course, is logically not possible. 


What is “anchoring,” and how might it lead 
to overoptimism in an IT project? In an IT 
project, typically the initial plans are 
really realistic best-case scenarios. If 
you remain anchored to those, any ad- 
justment away from that is unlikely to 
get far enough away to get to realism. 


| In today’s economic environment, does the 


| tendency to be overly optimistic? Optimism 
| is pretty consistent, but the greater the 
| organizational pressure, the more like- 
| ly you are to get skewed forecasts. 


| pressure on people to come up with 

| some sort of very optimistic ROI num- 
| ber, they’ll get the number because 

| they’re engineering optimism. 

casting the outcome of | 

| You say managers are also prone to the “illu- 
| sion that they are in control.” Can you ex- 


| Many IT project managers use scenario plan- 


| all the things that might go wrong. It’s 


| to happen in the future. 


| And that’s what you call the “outside view"? 
| When you take an outside view, you 





mates, how much time it took relative 
to what they initially thought. Then you 
ask, “How does our project differ from 


| these?” You determine your place in 


organizational pressure for ROI magnify the 


When an organization puts a lot of 


plain? Managers don’t see themselves 
as gambling or taking risks. They’re 
very proactive in trying to remove all 
risk in the environment. Frequently 
they won’t even acknowledge that a 
large degree of risk is still left. When a 
manager has a plan, he almost always 
overestimates his degree of control. 


ning to mitigate risk. Isn’t that effective? It 
could be, and it’s good that they do it. 
The problem is that it’s hard to think of 
easy to think about how you could 
complete the plan, and that may even 
be the most likely scenario, but it still 
doesn’t mean it’s very likely. So many 
things can go wrong. Better to look at 
what’s happened in the past with other 
IT projects as a guide to what’s going 


look at a reference class of similar 
projects, both in your organization and 
outside. Then you look at how much 





they spent relative to their initial esti- 


; that class. Out of that come forecasts 


that are likely to be more realistic. 


| How difficult is it to get this outside data? If 
| you’re an IT manager, it shouldn’t be 


hard to get this information from in- 


| side your firm, and it also tells people 
| what type of data they should be 
| recording for the future. For outside 


In their Harvard Business Review article, 
Dan Lovallo and Daniel Kahneman say 
IT project managers should compare 


their proposed projects with similar ones 
that have been done before. Here's how: 


Select a reference class of projects 
based on characteristics (content, 
resources, budget, time con- 
straints) that will help you assess 
your own project's chances. 


Document the outcomes of the ref- 
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data, consultants like [McKinsey & 
Co.] are good at helping firms get this. 
This is a place where there’s room for 
firms to cooperate and there’s a role for 
industry groups in trying to help them 
figure out how not to waste money. 


If i temper my overoptimism about my pro- 
posed project, won’t I lose funding to a more 
optimistic competing project? It’s difficult. 
The change has to come from the top 
of the organization. There has to be a 
policy and a process that asks people 
to back things up based on facts. 


If | do get funded, wouldn’t the more nega- 
tive outside view destroy my project team’s 
ability to stay “up” and enthusiastic? Here’s 
where it’s important to draw a distinc- 
tion between decision and action. You 
want the outside view when you’re 
making the decision; when you're tak- 
ing action, let the optimism seep in. 


What if my team and our processes really 
are better than those in the outside projects 
cited? You would have reasons to say 
why they are better, and those reasons 
should be based on objective predic- 
tors of success: the experience of the 
team, how well the organization has 
done in the past, how much money is 
behind it. If, based on this, you figure 
you're in the 95th percentile of the dis- 
tribution, then you’ve got a reason to 
say that. 


What if I’m planning a unique project or 
working with new technology that really has 
no track record? This has never hap- 
pened. It’s the first time for you, but 
it’s not the first time somebody tried to 
install a new IT system with a new 
technology. So your reference class in- 
cludes projects with new technologies 
never used before. 


What if my inside view is great and the out- 
side view predicts failure? Do | trust the ex- 
perience of outsiders more than the projec- 
tions of my colleagues? The outside view 
is an objective statistical view. If that 
suggests that you’re going to fail, but 
the inside-view forecasts suggest you'll 
succeed, it’s time to take a step back 
and re-evaluate the project and possi- 
bly call it quits. The outside view is 
much, much more likely to be accurate 
than the inside view. D 





Melymuka is a Computerworld 
contributing writer. You can contact 
her at kmelymuka@yahoo.com. 





This is the latest in a series of monthly discus- 
sions with Harvard Business Review authors on 
topics of interest to IT managers. 

















WebSphere software . 





id 5 
See old apps combine with new apps. = 


See customers connect with partners." sata 


a 


See today’s stuff click with tomorrow's. sa agar 
; ; rie ; 2 


° 


Ba) eleysso ari 8 s10 ae Integration 
era. Open and TEM CMN eleisie uy: 
Re CM Sag Re ce 
demands, on demand. tat) 


ee Re 


TM ele mie Bad 21 B 
ps dante at eae Rime ck eT Oa 





44 COMPUTERWORLD July 21, 2003 


Orbitz Appoints 
Hjelm as CTO 


Orbitz LLC has 
named Christo- 
pher Hjelm as 
chief technology 
officer, replacing 
Alex Zoghiin, 
who stepped 
down in April. 


Hjelm has nearly | 


20 years of experience as a tech- 
nology executive and will lead the 
Chicago-based company’s technol- 
ogy strategies, engineering, archi- 
tecture and site operations. 

Before joining Orbitz, Hjelm was 
senior vice president for technology 
at eBay Inc. He brings airline and 


hospitality experience from 14 years 


as ClO at FedEx Corp. and his role 
as CEO of Zoho Corp., a start-up in 
Sunnyvale, Calif., offering an e-pro- 
curement and financial system for 
the hospitality industry. 


Survey Shows Web 
Services Kicking In 


The results of a survey conducted 
earlier this year by Cutter Consor- 
tium show that companies are 
adopting Web services technology 
at a rapid pace. According to 240 
respondents, 30% are developing 
production applications, 23% are 
prototyping, 16% are gathering in- 
formation, 15% are evaluating, and 
13% are already running business- 
critical applications. Other survey 
highlights include the following: 

@ Independent platforms and 
flexibility were the most popular 
reasons for using Web services. 

@ Security, complexity and imma- 
ture standards, and a lack of shared 
vocabularies were considered the 
three greatest obstacles. 

@ Compatibility problems with 
other companies or internal groups 
have been low, with 47% of respon- 
dents reporting no problems and 
41% reporting only slight difficulty; 
12% have had serious difficulty. 

@ Four of the most popular 
servers used to deploy Web services 
were Microsoft .Net (39%), IBM 
WebSphere (28%), BEA WebLogic 
(24%) and Sun Open Net Environ- 
ment (20%). 
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Oracle, PeopleSoft 
And 


F YOUR STRATEGIC SUPPLIER is the victim of a 

hostile takeover, who worries about your inter- 

ests? Oracle’s recent offer for PeopleSoft high- 

lights industry consolidation issues. As part of 

the proposed takeover, Larry Ellison has threat- 
ened to stop supporting PeopleSoft applications, leav- 
ing PeopleSoft users adrift. PeopleSoft responded with 
a poison pill, offering to refund twice its license fee if 


it is acquired and the new 
owner drops support for 
PeopleSoft applications 
within two years [Quick- 
link 39343]. Today, virtually 
every CIO is worried that 

a strategic supplier will be 
taken over and that support 
will slip. 

What can be done? I con- 
ducted an informal survey 
of IT buyers. Many sug- 
gested escrowing source 
code as protection. With 
smaller software suppliers, 
contracts often give the 
buyer rights to the source 
code if the seller goes out 
of business or abandons 
the software. However, very few soft- 
ware companies will actually allow the 
source code to be released in the event 
of a takeover. Even with intellectual 
property protection, doing so would 
significantly lower the company’s val- 
ue. With large software suppliers, es- 
crow clauses are rare, and they don’t 
do the buyer much good anyway. Few 
buyers can afford or have the skills to 
maintain the source code for applica- 
tions the size of PeopleSoft’s. 

Buyers sometimes ask for contract 
clauses allowing them to terminate 
their contracts or receive refunds 
in the event of a takeover. In general, 
these provide minimal benefit. When 





you implement new soft- 
ware, you generally change 
your business processes. 
Even if you get your mon- 
ey back, you still have to 
go through the pain and 
expense of a second imple- 
mentation, not to mention 
the time and effort re- 
quired to select, educate 
and build a relationship 
with a new supplier. 
Unfortunately, it’s too 
late for PeopleSoft users to 
start protecting themselves 
from the possible Oracle 
takeover. However, the 
episode emphasizes the 
importance of anticipating 
similar situations. In future sourcing 
decisions, you can do the following: 
® Streamline your architecture. Design the 
architecture with ease of substitution 


| in mind — use standard interfaces and 


commodity products where possible. 

® Conduct your due diligence thoroughly. 
Part of your evaluation should focus 
on supplier viability and business 
strategy. Is the supplier’s management 
team involved, committed and hungry? 
Is the company making money? Does 
it have enough cash to continue in- 
vesting in the product if sales decline? 
Does its business strategy meet your 
goals? How will its future product line 
affect your architecture? 





@ Put all vendor commitments into the con- 
tract. Contractual agreements must be 
honored, even in takeovers. Include ex- 
plicit performance and service guaran- 
tees, covering things like response 
time. (One CIO purchased new soft- 
ware only to find that “nightly process- 
ing” took four days.) Demand product 
support for a specified length of time. 

@ Increase your breadth of knowledge. In- 
dustry futurist and Computerworld 
columnist Thornton May has studied 
CIO communications and concluded 
that CIOs “need to get out more.” 
They spend less than 9% of their time 
talking to industry analysts, other 
CIOs, journalists and their company’s 
customers. You must stay current. 
Read the trade press. Attend confer- 
ences. Talk to peers and customers. 

® Consider buying through an industry con- 
sortium. Buying groups can leverage 
aggregated demand and swing the bal- 
ance of power away from the supplier. 

@ Volunteer for the supplier’s advisory board. 
Even better, get your business execu- 
tive sponsor to volunteer. If the soft- 
ware company is acquired, the acquir- 
er will usually ask the advisory board 
for help keeping existing customers. 

® Above all, develop solid contingency plans. 
Have a backup for every strategic sup- 
plier, no matter how solid it seems. 
Microsoft and IBM have enough spare 
cash to make any other vendor vulner- 
able to an acquisition! 

It’s difficult to protect yourself in 
the middle of a takeover. The best you 
can do is to be proactive: Streamline 
your architecture, write a tight con- 
tract, and stay on top of industry 
trends. You can’t prevent supplier 
takeovers, but you can minimize 
the effect on your IT organization. D 


WANT OUR OPINION? 


For more columns and links to our archives, go to 
www.computerworld.com/opinions 
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TT EDUCATION, TRAINING & CERTIFICATION 


professionals, ranging from those made available by 

companies such as SAP and Microsoft to those that 
address some critical IT need. The courses are designed to 
provide knowledge and to provide a new capability that 
can be applied back at work, immediately. 

In the past two years, as the IT profession has been 
batted about like a bad badminton birdie, enrollment in 
certification programs has dropped. However, certification 
programs are starting to see an upsurge, along with efforts 
to make the training more valuable. 

Among the trends: more hands-on, facilitated labs to 
put knowledge to work and more curriculum that helps 
mid-level managers and non-IT people increase their range 
of skills. A third trend is that there's more blending 
between on-line instruction and instructor- or mentor-led 
instruction in the project management end of skills, 
bringing enrollees more value. 

Roland Van Liew, president of HOTT (Hands On 
Technology Transfer) Inc., says enrollment for his hands-on 
focused training organization has doubled in the past year. 
“We know that certifications may help you get an 
interview, but they aren't going to help you get and keep a 
job. Only competence will do that,” he says. 

Originally on-line courses and certification didn’t 
include hands-on labs. “I'd say 80% of the certification 
groups have changed to offer a program that shows 


Tenis of certification courses are offered to IT 


Advertising Supplement 


participants how to use the program or application to 
solve a problem," says Van Liew. “We want you to get 
more than a highlight of features. Yes, we want you to 
know a lot about JAVA syntax, but more important is that 
you use it to develop a site that is usable.” 
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Thomson NETg, in its two-year study of corporate 
learning, found that a blend of hands-on labs (known as 
scenario-based exercises) with mentor and on-line 
learning with appropriate unit tests, produced the best 
results. The report, Thomson's Job Impact Study: The Next 
Generation of Corporate Learning, states that blended 
learning with the hands-on, facilitated labs improves 
accuracy by 30% and speed of skill acquisition by 41%. 

Van Liew says that certifications supporting open 
systems are among the most popular. “JAVA is burning hot 
right now,” Van Liew says, as is PHP. Other hot 
certifications are ASP, CGI, MCSC, MCSD and MCSE. There's 
been a major increase in security certification offerings, 
including a major uptick for the SANS (System 
Administrators, Audit, Network, Security) Institute, which 
now has 156,000 government and commercial 
participants. Security, however, remains a small portion of 


the overall IT population looking for training. 


For more information about IT Careers advertising, 
please contact: 

Nancy Percival 

Vice President, Recruitment Advertising 

800.762.2977 

500 Old Connecticut Path 

Framingham, MA 01701 

Produced by Carole R. Hedden 
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projects in on time and under 
budget, you really need to 
know what you're doing as 
a project manager. Formal 
project management training 
is important to build 
problem solving, people 
and management skills. 


Whatever information technology 
means to you, the Graduate School, 
USDA can help. We offer high-quality 
and affordable IT training in 
state-of-the-art computer labs. Our 
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Boston University has a network 
of Education Affiliates offering 
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NEED TO HIRE Master’s Degree Program (IS:AIM) 


IT’ EDUCATION, TRAINING & CERTIFICAT 


We live in a world of exponential change, both in technology and scientific 
research. The National Center for Supercomputing Applications (NCSA) at the 
University of Illinois at Urbana-Champaign deploys hardware and creates 
software and tools to enable breakthrough scientific research and enhance 
national competitiveness. We are a leader in defining the future’s high 
performance computing infrastructure for scientists and society and we are 
seeking an Associate Director who will provide leadership in shaping the program 
direction for our R&D and operation efforts in data and information management. 


Associate Director of Data and Information Management 
The primary function of this position is to lead, support, coordinate, represent and 
promote activities at NCSA that focus on data and information management and 
data-intensive applications in a high-performance computing context. This 
includes groups responsible for data storage and file systems, |/O middleware, 
data models and formats, I/O performance analysis, scientific databases, and 
certain data intensive applications. We will rely on you to shape a research and 
production agenda; identify applications with the national user community, NSF's 
Partnerships for Advanced Computational Infrastructure (PAC!) and TeraGrid 
Projects, and industrial and government partners; seek additional funding 
suurces; create reports; and coordinate activities with other divisions. 


A bachelor’s degree in Computer Science, Engineering or related field is required 
Advanced degree preferred. Significant experience in data and information is 
necessary, as is 3-5 years experience at a senior managerial level. Other 
requirements include: 5 years experience in activities associated with data and 
information management in a high-performance computing environment; 
5 years experience managing technical personnel; and 5 years in a project 
management role. Strong leadership skills will be critical to your success. 


This is an academic professional position at NCSA and is a 12-month, 100%-time 
appointment with regular University benefits. Salary commensurate with 
experience. Starting date as soon as possible after the closing date of the search. 
To ensure full consideration, please send letter of application, resume, and three 
letters of reference referencing Search #8773, by e-mail (preferably) to: 
career@ncsa.uiuc.edu [text only] by July 2, 2003. Interviews may be conducted 
before the closing date, although no hiring decisions will be made until after the 
search has closed. Mail to: NCSA Human Resources, Search #8773, 152 Computing 
Applications Building, 605 E. Springfield Avenue, Champaign, IL 61820. 
PH: 217-333-6085. Fax: 217-244-9878. 


http://www.ncsa.uiuc.edu/About/NCSA/Employ/ 
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IS PROJECT MANAGEMENT PROGRAM 


A 10-week comprehensive program covering current best practices in information systems project 
management. Topics: system development methodologies; CASE tools; project management soft 
ware; organizing and staffing the project team; conflict resolution techniques; negotiation skills; man 
agement functions and tools; planning, integrating and executing plans; network scheduling tech 
niques; forecasting and estimation; project control; risk management; quality management; user train 
ing; test plans; unit, integration and system testing, project post-mortem, maintenance, version con 
trol; contracts and procurement; evaluation tools 


IP TELEPHONY PROGRAM 


A 12-week integrated program focusing on designing and implementing fully converged IP 
telephony networks. Topics: telecommunications technology; network fundamentals; systems and 
network design and implementation; convergence of telecommunications technologies; voice over IP 
concepts and design; voice/data integration; advanced networks: ATM, DSL, DWDM, frame relay 
and gigabit Ethernet; wireless and satellite communications; telecommunications management 


LOCAL AREA NETWORKS PROGRAM 


A 12-week intensive program in the fundamentals of local area networks, wide area networks, and 
data communications. The program covers a wide variety of network configuration and management 
tasks ranging from the hardware level up through the administration of Novell, Windows 2003, and 
UNIX services. Lectures are complemented by hands-on work in a state-of-the-art laboratory that 
emphasizes common administrative tasks including web servers, firewalls, network security, and 
enterprise router configuration 





NETWORK SECURITY PROGRAM 


An 11-week intensive program in the fundamentals of network security, hosts security, and 
Information Assurance. The program covers a wide variety of security technologies using 
configuration and management tasks ranging from the setup of secured servers, firewalls and Virtual 
Private Networks (VPNs) through the development of comprehensive enterprise security architecture 
security policies and security auditing methods. Lectures are complemented by hands-on work in a 
state-of-the-art laboratory that emphasizes essential network security tasks using Cisco, Checkpoint 
Microsoft, ISS, RSA, Linux and Open-Source products and tools 


STANDARDS-BASED WEB DESIGN PROGRAM 


A 7-week comprehensive program covering current best practices in web design based on new mark 
up, presentation, and accessibility standards. Topics: XHTML; CSS; DHTML; separating content 
from presentation; table-free layouts; designing for legacy browsers; Document Type De ation 
validation; converting existing documents 


DATABASE TECHNOLOGIES PROGRAM 


A 12-week comprehensive program covering database applications development and administration 
using Oracle. Topics: RDBMS fundamentals; E/R modeling; database design and normalization 
SQL; PL/SQL; triggers and stored procedures; Oracle architecture; database administration; network 
ing; backup and recovery; Oracle utilities; Oracle performance tuning and optimization; replication 


J2EE DEVELOPER PROGRAM 


A 10-week in-depth program covering enterprise-wide applications development using J2EE for pro 
grammers. Topics: J2EE architecture; JDBC; EJBs: entity, session, and mess: driven beans; EJB 
containers; network programming; JNDI; RMI; JMS; servlets and JSP; tag libraries; XML; SAX, 
DOM, and JDOOM; SOAP and Web services; application servers; deployment; life cycle maintenance 
transactions; security; interfacing with legacy applications. 


JAVA DEVELOPER PROGRAM 


A 10-week comprehensive program covering object-oriented applications development using Java for 
programmers. Topics: Java basics; object-oriented programming; standard Java ciass libraries; JDBC 
network programming; distributed systems; AWT and JFC/Swing; Java beans; applets and servlets 
Java Virtual Machine (JVM); security; multi-threaded programming; RMI; JMS; XML 


-NET DEVELOPER PROGRAM 


A 10-week comprehensive program covering .NET technologies for programmers. Topics: .NET 
framework; Common Language Runtime (CLR); Common Language Specification (CLS); Common 
Type System (CTS); memory management; framework libraries; assemblies; VS.NET; VB.NET lan 
guage; components; C# language; structured exception handling; ADO.NET,; COM/COM++ interoper 
ability; NET remoting; XML support; WinForms; versioning and Global Assembly Cache (GAC) 
threading models; ASP.NET; Web Forms; SOAP; Web services; .NET security 


WEB DEVELOPER PROGRAM 


A 10-week in-depth program covering the technologies and techniques of Web development for 
programmers. Topics: HTML, CSS and XML; C# and .NET environment; ASP.NET; HTTP; Web 
servers; CGI programming in Perl; JavaScript; Web services; Java Server Pages; securing Web 
applications. 


For more information by phone: (312) 362-6282 
by fax back: (312) 362-6377 
by Internet: http://ipd.cti.depaul.edu/itc 
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IT Professionals 
Consultant 


Design applications using VB 
NET, application architectures 
and SQL Server databases as 
well as document requirements 
using Rational Requisite Pro 
Capture system requirement us- 
ing Case Modeling. Write « 
plex pieces of VB code and 
other codes. Create and imple- 
ment the security architecture of 
systems using encrypted cook- 
ies. Create websites and data 
base instances utilizing n-tier 
(client-server and web-based 
applications). Responsible for 
the design, construction, mainte- 
nance and scheduling of forms 
and reports in system environ- 
ment utilizing Crystal Reports for 
projects. Create mockups of 
reports to facilitate Joint Applica 
tion Development Sessions/dis- 
cussions and suggest changes 
to the layout for enhancement of 
usage. Manage development 
process and validate accuracy 
of all design specification. As- 
sist developers with business 
logic and requirements pertain- 

the forms and ports and 
1 mapping data elements on the 
form or report to the system data 
mode! ensuring that all coding 
standards are followed. Act as a 
liaison between the test team 
and the development team and 
participate in checking all forms 
and reports, reporting related 

and incidents, classif 
the bugs and _ incident 
change requests (enhanc 
ments) or real incidents 


WAGE: $68,000/year 


REQUIREMENTS 
B nputer 
any type) 
inistration 
or Information Systems + 
years exp. in the job o 
years exp. as a Consultant, Sys: 
tems Analyst or Software Engin 
eer. At least 1 year of reiated 
experience must include \ 
SQL Server Databases 
Crystal Reports, N-tier Ap 
client-server and 
based), Rational Requisiti 
and Case Modeling 


Please send your resume, refer: 
jencing Job Order Number WEB 
3 44 to the: PA Career 
Link/Job Service, Site Adminis- 
trator, Greene County Team PA 
CareerLink 4 \ 

Waynesburg, PA 


plex 
app! 
measurement 
trading operations. Will build mult 
ications 
ance data for 
quantitative ar ts, traders. 
fund man desig 
develop applications to support sta 
tistical, time senes and other quant 
tative analysis of trad 
data, generated in 
ges worldwide. W 
nalysts, traders, and ve: 
determine the reliability of t 
software p 
advisor on projec 
Will develop tools that help analyst 
study historical and current trend 
n the equity trading market Will act 
as a technical resource across func 
tional organizations. Will extensively 
ombinations of the fol- 
vologies: JAVA, Oracle 
ai Basic, Visual Basic for App! 
ns, EJB, JSP, HTML, RMI, JN 
C++, C, CORBA, S+, COM, PL/SQL 
UML, Windows NT, and UNIX she’ 
scripts. Requires Bachelors or equ 
ivalent in Computer Science, Engin- 
eering, Math, or Physics and three 
(3) years in job offered OR three (3) 
years experience archit 
signing, and developing 
er and web based applications 
Candidate must also possess dem- 
onstrated expertise designing and 
developing multi-layered, secure 
Internet and Intranet applications 
using various combinations of JAVA. 
EJB, and HTML; demonstrated in. 
depth knowledge in designing and 
developing n-tier client/server appli 
cations using Visual Basic, and 
database API's; and demonstrated 
expertise in object-oriented pro- 
gramming environment using third 
party software components includ- 
ing databases and middleware 
Salary: $90,500/yr, M-F 9AM-5PM 
Send 2 resumes to Case 
#200202263, Labor Exchange 
Office, 19 Staniford St., ist fi 
Boston, MA 02114. EOE. Applicants 
must be U.S. workers eligible to 
accept full-time employment in U.S 
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Silicus Technologies, Inc., is a lead- 
ing business technology, IT sys: 
tems integration and solutions firm 
specializes in providing customized 
business technology solutions and 
services. Our company currently 
has openings for the following 


Business Intelligence Lead 


Design business process flow, data 
models, testing, and software de 
sign specifications. Process busi- 
ness reengineering, technical spec- 
fications, and develop project 
plans. Facilitate JAD sessions or 
GAP analysis sessions with users. 
Evaluate new business initiatives 
and implement systems solutions 
to support them. Design standard 
practices and procedures. Experi- 
ence in systems development life 
cycle methodology using CO 

project software, SQL, UML, OO 
Design principles, J2EE, RDBMS 
web development (COM, DCOM). 
client/server architecture. Need 2 
years of experience in related field. 


Programmer Analysts: 


Plan, test and develop Internet 
based programs for ERP pack 
ages, asset management, sales 
force automation and E-commerce 
Expertise in In tion Techn 
gies in core SAP R/3 includes IT 
EDI, Workflow, Business Connect- 
or and Web Application Server 
Design and develop client-server 
applications using RDBMS, VB 
ASP, VB script, JavaScript, ADO 
IS, Oracle 8i and AutoCAD. Aliso 
utilized Visio, Biztalk, Business 
Objects, web intelligence, Erwin 
Toad, and UNIX. Requires Bach- 
elor's degree in Computer Science 
or Engineering an 

experience 


me to: Recruiter 
Suite 
Wilmington, DE 801, or via email 
careers@silicus.com 


Software Engineer (Charlotte, NC 
Part of core development team 
responsible for research, design 
development, testing, documenta 
tion and maintenance of Websydi- 
an and Clipper web-and DOS 
based, object-oriented business 
applications and related computer 
systems in AS/400 and PC LAN 
Windows architecture platform. Ut- 
ze C++, Java, Visual Basic, Fox 
Pro, COOL Plex and Crystal Rep 
on IBM Universal Database 
Server and DB/400. Analyze soft 
ware requirements to determine 
feasibility of design. Consult with 
hardware engineers to evaluate in- 
terface between hardware, soft 
ware, operational and performance 
r rements of overall sy 
Must have Bach. deg 
with major field of study in Comp. 
lems or related field 
d in job offered, or 4 
yrs exp. in a position involving busi- 
tions software devel- 
Experience mentioned 
ve been obtained concur- 
and must include: (i) 4 yrs 
t oriented analysis, design 
nming in a PC LAN 
Windows architecture platform; (ii) 
OL Plex; (iii) 4 yrs 
and programming in 
a AS/400 environment; (iv) 3 yrs 
exp. each in IBM Universal Data- 
base, SQL Server, and DB/400; (v 
3 yrs exp. in Crystal Report Tools: 
vi) 2 yrs exp. in web-based soft 
ware development; (vii) 2 yrs exp 
each in C++, Java, Visual Basic 
FoxPro and SQL; and (viii) 1 yr exp 
each in Websydian and Clipper 
Must have legal authority to work in 
U.S. Please send resume to CT 
Chu (REF:SE), Caraustar Indus- 
tries, Inc., 443 South Gardner Ave. 
Chariotte, NC 28208 


PROGRAMMER ANALYSTS 
for Naperville, IL office. Devel- 
op & maintain software appli- 
cations using Oracle, SQL 
Server, Erwin, Linux, Sybase 
XML, UML, Interwoven, Cool- 
gen, ClearCase, ClearQuest, 
Plumtree PVCS UNIX 
Bachelors Degree reqrd in 
Computers Engineering, 
Math or related field of study + 
2yrs of related exp. 40 hrs/wk; 
Must have legal authority to 
work permanently in the U.S. 
Send resume to HR Manager, 
Globaiways, Inc, 39176 B, 
State St, Fremont, CA 94538. 
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Product Specialist, Technical Sup- 
port: Provide hands-on technical 
support for company prospects and 
customers via the telephone, such 
as guidance for installing and using 
the product, or troubleshooting ac- 
tivities. Stay current with company 
software functions and features 
and with alternative products in the 
markets the company serves. Con 
tinuously update information about 
product performance in customer 
installations. Support developers 
using company software by design- 
ing programs to demonstrate, test 
and provide quality assurance 
Support customers who use com 
pany software developer tools to 
create custom application or data- 
base drivers. Keep up-to-date with 

ns of supported operating 
systems, database management 
systems and network transport pro- 
tocols. Maintain website. Require- 
ments include a Master's degree or 
equivalent in Management Sci: 
ence, Information Systems or 
closely related field. No work expe: 
rience required. Applicants must 
have unrestricted authorization to 
work in the United States. Salary 
$60,000/year. 40 hours/wk. Re- 
spond with two copies of resume to 
Case #20020 Labor Ex- 
change Office, 19 Staniford St., 1st 
Fl., Boston, MA 02114 


Job # SA1. Systems Analyst for in 
tegration, design, programming 
implementation using Oracle, VB 
Active Reports, ASP. JavaScript 
HTML, PL/SQL, Toad, SQL Server 
2000, & Visual SourceSafe. Mod- 
eling using ERWIN/Visio 2000. Data 
Migration & Warehousing using 
DTS, SQL, Sagent. image editing- 
Adobe Photoshop, HTML-M 
amework. BS in Eng 
Science or Related Field + 2 yrs 
exp. in Software Consulting. In lieu 
of degree, employer will accept 5 
yrs. of software ext 
Job # CP1. Programmer to pian 
design, develop, configure, code. 
maintain, implement & analyze 
computer programs/systems. De 
velop custom designed software 
solutions for clients. Visit client sites 
as needed in discovery, testing & 
implementation phases. MS or equ- 
valent in CS or CIS. Must be profi. 
ient in C/C++, Java, Win32 API 
programming, Crystal Report & 
Data Encryption/Decryption 
All positions offer comp. salary 
Refer to job number & apply to HR 
ECS, Inc. 8744 Main Street, # 101 
Woodstock, GA 30188 with proof of 
work authorization 


WEB DEVELOPER - Dvip custom- 
ized prgms in Peri, C, C++, Java & 
SQL in Unix envrmt. Enhance user 
appeal & utility of customized prgms 

as overall functionality of 

Neb front 

interfaces using JavaScript & HTML 
to new or existing d/bases to make 
business applics web accessible 
Perform ongoing day-to-day opera- 
tion of the server s/ware inci. main- 
taining system security, monitoring 
usage stats & logs, modifying con- 
figuration settings & backing up the 
system. Perform troubleshooting 
duties when needed & write shell 
scripts as necessary. Impimt, test & 
maintain customized s/ware. Reqd 
Bach in Comp Sci (employer will 
accept foreign deg equiv) + 2 yrs in 
job offd or 2 yrs as s/ware develop. 
er or programmer. 2 yrs exp in relat 
ed occupation must incl Peri, C. 
C++, Java, S HTML & Java 
Script. Send resume to J. Feinberg 
HR, Info Technologies, Inc, Mon 
mouth Park Corp Ctr 1, 187 Rte 36. 
Bldg A, Ste 20, W. Long Branch, NJ 
07764 


Analyst 
Programmers 


Working with Oracle 
10.1/11i throughout 
the USA. Contact 
Raretec 128 West 
Broadway, Oviedo, 
FL 32765 or Fax to 
(407) 971-8808. 


Computer programer. Up-grading 
and maintenance of the computer 
systems, including purchasing of 
hardware and software. program- 
ming, design and implementation 
Data Base programs using Visual- 
Basic to control menu Designs 
cost inventory, payroll, accounts 
receivable and payable, and em- 
ployee schedules including the 
ones to used by the network. 
Web design and development 
Supervise the implementation of 
the network of all four restaurants 
locations with main office. required 
technical or associate Degree in 
computer programming or comput- 
er information systems. 1 year on 
the job experience or computer pro- 
gramming experience, which in- 
cluded data base design using vis- 
ual basic. Foreign degree accept- 
able. competitive salary. 40 hr/wk. 
send resume & cover letter docu- 
menting minimum qualifications to 
Wayne Grimball, la fiesta South 
Inc., suiteA 6521 Highway 69 
south, tuscaloosa, AL 35405, EEO 


Systems Analyst - Uses sys- 
tems to analyze Latin banking 
systems & business require- 
ments. Design, dev. & pro- 
gram software for integrated 
banking systems in Latin 
America Banks & financial 
institutions. Works w/ IBM, 
AS/400, RPG, ILE static pro- 
gramming w/ services. De- 
signs teller attention systems 
incl. (Sarabank, IBS branch) 
40 hrs per wk 9AM-6PM. 3 yrs 
exp. in job offered. Fax 
resume to Datapro, Inc. Attn 
William Montiel Case # 03- 
1308 (305) 377-3282 


Developer to develop a robust 
BPMS (Business Process Manage- 
ment Software) on J2EE platform 
using JDBC compliant database 
Write programs using Microsoft 
SQL Server 2000/7.0, MySQL 
PostgreSQL on Windows and Linux 
platforms. Utilize HTML, ASP, Java- 
Script, templates, velocity and Jet- 
speed. Familiarity with Internet In- 
formation Servers. Use Photoshop 
& illustrator for front-end graphics. 
Use UML for application modeling 
and LDAP for Active Directory 
Services. Salary as per prevailing 
wages. BS in Computer Science 
Plus training in Appstream soft- 
ware. Apply: Open Systems, 4005 
Windward Pil., # 550, Alpharetta. 
GA 30005 with proof of permanent 
work authorization 


Portal Content Analyst - Re- 
sponsible for analyzing, evaluat- 
ing and developing content for 
Spanish portal (website) of 
BellSouth.net. Master's degree in 
Computer Science, Computer 
Information Systems or related 
field required and one year expe- 
rience in systems and web con- 
tent analysis OR Bachelor's 
degree in stated fields and three 
years’ of stated experience 
Must be fluent in Spanish 
Please forward resume to Attn. 
Lisa Burlingame, BellSouth 
2247 Northlake Parkway, Suite 
800, Tucker, Georgia 30084 
Please do not email or fax 
resumes. EOE 


Sr. SW (Test) Engr.- As member of 
SW testing team, test & develop 
test automation SW. Participate in 
design & code reviews. Write test 
plans according to system reqs. 
Mntn. exist'g test plans & automat- 
ed test scripts. Test telecom prod- 
ucts. Support pot'l customers dur- 
ing lab trials. Must have B.S. in 
Comp. Eng'g/Sci., E.E. or equiv.+ 
3yrs. exp. in the job offered or 3 yrs 
exp. w/ SW testing for the telecom 
industry, including detailed knowl- 
edge of telecom protocols, general 
telecom procedures & TCL script- 
ing. 40 hrs/wk; Salary: $92,833/yr. 
Send 2 copies of resume to: Case 
#200201705, Labor Exchange Of- 
fice, 19 Staniford St 1st Fl, Boston 
MA 02114 
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THE WORLD’S BEST 
IT TOOL IS-IN 
YOUR HANDS. 


THE WORLD’S BEST 
IT TALENT IS Al 
OUR SITE. 


WHAT ELSE WOULD YOU EXPECT 
FROM THE ONE AND ONLY CAREER 
RESOURCE FOR READERS O1 

COMPUTERWORLD, 


INFOWORLD AND 


NETWORKWORED? 


COME ON, 
RECRUIT OUR READERS 


DYOWLLE RECRUIT LESS OFTEN 


CHECK US: OUT Ad: 


WWW.ITCAREERS.COM 
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COMPUTER PROG- 
RAMMER wanted by 
software/hardware 
consultants in Hous- 
ton, TX. Must have 
degree in Comp. Sc. & 
exp. Respond by res- 
ume only to: Mr. Fred 
Vakili, President N/T 
#10. P.C. Vision, Inc. 
6220 Westpark, Ste 
101, Houston, TX 
77057. 


Golden Way Security is hiring IT 
professionals to handle software 
and computer issues in mortgage 
areas including web-based appli- 
cation design. BS with some 
experience are the minimum 
requirement. Please send res- 
umes to 28125 W. Seven Mile 
Rd., Livonia, Ml 42152 


Programmer Analyst & Statistician 
wanted by Biopharmaceutical 
Research Consultant, Inc. (BRC!) 
Duties include SAS/statistical pro- 
gramming, database creation. 
Minimum requirement is BS with 
exp in related field. Send resumes 
to 6869 Marshall Road, Dexter, MI 
48130. EOE 


Cityon Systems, Inc., a 
s/ware consulting co 
seeks to fill the position 
of Computer/Quality As- 
surance in Chicago, IL 
and unanticipated locs in 
US. Must have BS & 4 
yrs s/ware exp. Respond 
by resume to Attn: HR 
Dept.; Cityon Systems, 
Inc., 2000 North Central 
Expressway, Plano, TX 
75074 


pe 
Looking For 
a 
New Career? 
The new 
itcareers.com 
and 
CareersJournal.com 
combined 
jobs database 
can help you 
find one. 
Check us out! 


www.itcareers.com 


(CW030721E/W/MW.4 
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Junior Programmer. Assist in 
design, developing, testing 
& implementing of software 
using J2EE, Jetspeed, UML, 
JSP, Turbine, velocity, post- 
gres, SQL, Java Beans, 
XML, XSL, Eclipse, JDBC, 
JTogether 5.5 & C++. Req 
BS in Comp. Sci./Eng. or 
Elec. Eng. 40 hr-wk. Job/ 
Interview Site: Redondo 
Beach, CA. Send resume to 
Philosopher's Stone Solu- 
tions, LLC., 1874 S. Pacific 
Coast Hwy., # 722, Redondo 
Beach, CA 90277 


Software Engineer. Works: 
under the supervision of sr. 
mgmt to research/develop math 
algorithms for image processing 
complex graphics SW & imple- 
ment using C++/OOP on 
Windows/Macintosh 
design/implement based on 
TCP/IP; determine time/cost 
feasibility; develop req'ts; devel- 
op/implement SW testing, pro- 
gramming documentation/ 
installation Req. Bach. in 
Engineering Comp. Sci 
rel./equiv. & 1 yr. exp. Resume 
to J. Miranda, Deneba Software 
Inc., 1150 NW 72nd Ave 
Penthouse, Miami, FL, 33126 
No calls 


Programmer 


Develop customized IT solutions 
based on a client's needs and 
business environment. Must 
have a Bachelors Degree in CS 
or Engineering and 2 yrs. of exp. 
or 2 yrs. of exp. in a related posi- 
tion w/ability to use: Visual 
Basic, JavaScript, SQL Server. 


Must be willing to re-locate 
40hrs./wk, 9AM-6PM 


Applicants send cover letter and 
resume to: Cyber Korp, Inc., 400: 
West Lake Street, Suite 216 
Roselle, IL 60172, ATTN: HR 
Mgr. 


Programmer Analysts to analyze. 
develop, maintain software appis 
using Oracle Applications, Oracle. 
PL/SQL, Dev 2000, etc under 
Windows/UNIX OS; conduct func- 
tional testing and debugging; per- 
form data conversions, customize 
Forms/Reports using Oracle Ap- 
plications standards; document. 
maintain & update development 
process. Require: BS or foreign 
equiv. in CS/Engg. (any branch) or 
related field & 2yrs of exp. in IT. 
Travel involved. F/T position. 
Competitive salary. Resume to 
HR, Quest America,inc., 211 
East Ontario Street, Suite 1800. 
Chicago, IL 60611 


Software Engineers to analyze 
design, develop/customize busi- 
ness appls using Oracle Fin. and 
Manuf. Applis, Oracie, SQL, PL 
SQL, Dev 2000, Designer 2000 
etc. under Windows, UNIX and 
Sun Solaris envir; interact with end 
users, gather and document reqs. 
prioritize functional specs formulat- 
ed from user reqs; evaluate prod- 
uct functionality and design to 
assure quality. Require: Masters or 
foreign equiv. in CS/Engg.(any 
branch)/Science/Bus. Mgmt. Tra- 
vel involved. F/T position. Com- 
petitive salary. Resume to: HR 
Quest America, Inc., 211 East 
Ontario Street, Suite 1800. 
Chicago, IL 60611 


SYSTEMS ANALYST 


Analyzes user requirements 
procedures and problems to 
automate processing or to exist- 
ing computer systems. Bach- 
elor's degree in computer sci 
ence, engineering or math- 
related and 2 yrs. exp. UNIX 
and AS/400 operating systems 
MF COBOL, RPG 3, COBOL/ 
400, CL/400 languages. Must 
be able to travel 


Apply by resume only to Murali 
K Suddala, Capricorn Systems 
Inc. 3569 Habersham-at 
Northlake, Building K, Tucker. 
GA 30084 


Analytical Design Service Corp 
(ADSC) is looking for system/pro- 
grammer analysts. Duties include 
web application, web graphic 
design, database in account- 
ing/HR fields. Must have IT exp. 
using HTML, Flash & fireworks 
Please send resumes to 


fesumes@adsc-usa.com. EOE 


Software engineer and system 
analyst wanted by Hawaii Village 
Computers to develop special 
software Lawn Assistance Ill 
Experience in FoxPro, SQL 
Mapping software is required 
familiar with Lawn Care industry 
Minimum BS degree. Apply at 
reaigreen@reaigreen.com 


Seeking qualified applicants for the 
following positions in Memphis: 
Collierville, TN: Senior Program- 
mer Analyst. Formulate/define fun- 
ctional requirements and documen- 
tation based on accepted user cri- 
teria. Requirements: Bachelor's 
degree or equivalent in computer 
science, MIS, engineering or relat- 
ed field plus 5 years of experience 
in systems/applications develop- 
ment. Experience with Java, Unix 
and SQL programming aiso re- 
quired. “Master's degree in appro- 
priate field will offset 2 years of 
general experience. Submit res- 
umes to Sibi George, FedEx 
Corporate Services, 1900 Summit 
Tower Bivd., Suite 1400, Orlando 
FL 32810. EOE M/F/D/V 


Navision Developer: Develop/pro- 
gram customizations in Microsoft 
Navision Financial package; design 
nt user specified solu- 
tions; create system & end user uti- 
ization reports; manage data con- 
version (flat files, importation pro- 
grams, etc provide Navision 
AVISTA customer support; teach 
development asses; program 
installation & setup of client/server 
software on Navision server & SQL 
server. Req. 4 yrs work exp in job 
offered or 4 yrs exp in related occu- 
pation as Developer or any suitable 
combo of edu., training, and/or 
work exp. Send resume to 
Compusystems of Georgia, inc 
stwood Parkway, Suite 
GA 30096 Ref BN. 


Software Engineer (NY NY) 
Design, develop & administer 
sales/purchase/inventory sys- 
tem designed for diamond & 
jewelry industry. Design. code & 
test complex system compo- 
nents, incl memo system fea- 
ture & inventory system for pre 
cious gems. Develop multi-tier 
applications using Java and 
jC++. Develop web-based appli- 
cations and implement client- 
server technology using Visual 
Basic. Bachelor's or foreign 
equiv in Elec Engin, Comm 
Engin or Comp Info Systems 
plus 3 yrs exp in job offered 
Fax resume to: 212-888-0055. 


IT Careers 


Senior System Engineer: Per- 
form AS-400 administration, in- 
cluding installation, configura- 
tion, upgrading, monitoring 
backups, and administrative 
tasks like user creation and sec- 
urity clearance. Install Tivoli 
monitoring system in all servers 
in the company's North and Latin 
America offices in different plat- 
forms and configure and main- 
tain them. Responsible for the 
backups of all the servers in the 
US data center (using Tivoli 
Storage Manager). Responsible 
for maintaining the Data Center 
in company's Puerto Rico office 
Requirements include a Bache!- 
or's degree or equivalent combi- 
nation of education and work 
experience in information Sci- 
ence, Computer Science or reiat- 
ed field and two years of pre-or 
post-degree work experience in 
the job offered or related field of 
system engineering and support 
Applicants must have unrestrict- 
ed authorization to work in the 
United States. Salary $74,200/ 
year. 40 hours/wk. Respond with 
two copies of resume to Case 
#200202625, Labor Exchange 
Office, 19 Staniford St., 1st Fl 

Boston, MA 02114 


Computer/info. Systems 
Information Systems Professionals 


To participate in analysis, problem 
solving, project design and techni- 
cai implementation for major pro- 
jects, mentor junior level consul- 
tants. Participate in the timely and 
high quality delivery of product 
implementation, integration, de- 
sign, coding, testing and documen- 
tation of custom application soft- 
ware; evaluate user requirements 
and consult with design team to 
identify current procedures and 
needs; support and train end-us- 
ers. Technologies/Piatforms used 
include UNIX, Windows NT, SQL 
Server, or Oracie using SQL 
C/C++, Visual Basic, Java, Cobol 
and other appropriate program 
ming languages in Client/Server, 
Network and Mainframe environ- 
ments. Must have a Bachelors 
degree, or its equivalent, and 3 yrs 
professional experience. Send 
resume to: Human Resources. 
Knightsbridge Solutions, 500 W. 
Madison Ave Suite 3100 
Chicago, IL 60661. EOE 


MagnaQuest, Inc. delivers end- 
to-end customer-centric IT solu- 
tions. We are looking for the fol- 
lowing position 


Programmer Analysts: Design 
develop and test Internet based 
programs for EBPP packages. 
Electronic Billing Presentation 
and Payment. Design client-serv- 
er applications using JAVA, EJB. 
NetDynamics and Oracle. inter- 
act with clients io design the func- 
tions of software according to 
client specifications using Unix 
C++, Corba, XML, UML, WEB 
LOGIC 7, testing tools. Requires 
Bachelor's degree in Computer 
Science or Engineering and 2+ 
years of experience 


Send resume to: Human Resour- 
ces, MagnaQuest, Inc., 16219 S 
3ist Way, Phoenix, AZ 85048 
E-mail: mqusa@magnaquest.net 


Consultant sought by NYC 
Computer consulting firm to 
analyze user needs, to dsgn 
dvip & impimt medium to 
large scale applics using 
technologies such as Java 
HTML/DHTML, Oracle, Win 
2000/NT95, Unix, Unix Shell 
Scripts, Oracle, Beantest, 
Rational Purify, Optimize IT, 
SQL Navigator, Microsoft 
Visual Studio. Must have rel- 
evant work exp. Send 
resume to Gemini Systems. 
HR #CRK, 61 Broadway, Ste 
925, NY, NY 10006 


Manhattan Associates, Inc. a 
worldwide leader in supply chain 
execution systems is looking for IT 
professionals to join our team at 
‘our Atlanta, GA, Burlington, MA. 
and Mishawaka, IN locations (Job 
locations may vary) Business An- 
alysts. Logistics domain to analyze 
document & generalize customer 
req. to create feature sets & en- 
hancements to internet based opti- 
mization suite using UML & Trans- 
portation Execution & Procurement 

J@EE, XML, XSLT, CSS 

& CPLEX math & solver 
libraries. Req BS bus. or equiv 
including Stats & Quantitative Meth 
& 2 yr. as Bus Analyst or Consuit 
exp. to include bus. modeling, ERP. 
Unix Administrators. Unix/Sun 
Solaris support & admin optimiza- 
tion-based transport decision sup- 
port sys on Solaris 8, AIX4.3, AIX 
5L, HP UX & Win2000 sys using 
Weblogic, WebMethod, MQ Series. 
RateWare. & PCMILER. w/Big- 
Brother & SiteScope monitoring 
Req BS Engg or Comp Sci & 2 yr 
as Unix Admin or Sys Engg, exp 
include admin. Solaris 8, HP-UX 
Big Brother, Weblogic & Sheil 
scripting. Resumes to: K. Littleton 
Manhattan Associates, 2300 Windy 
Ridge Pkwy. 7th Fl. N., Atlanta GA 
30339. 


Software Application Engineer 
Perform system analysis, des 
ign, programming, testing, imp- 
lementation and documentation 
of technical customer engage- 
ments. Review site preparation 
checklists, executing statements 
of work/activity plan tasks, defin- 
ing and assessing the need for 
change requests and coordinat- 
ing change requests with project 
managers along with data con- 
versions, form medications and 
forms development. Requires: 


Bachelors in Computer Science} 


or the U.S. equivalence and two 
years experience in Customizing 
CRM Applications. Must have 
knowledge of Appiix Enterprise 
Applix Administration and Crys- 
tal Reports. 40hrs/wk (8:00 A.M 
to 5:00 P.M.); $70,000.00/yr 
Send two resumes/responses 
to: Case Number 200202367 
Labor Exchange Office, 19 
Staniford Street, 1st Floor 
Boston, MA 02114 


Actual Systems of America seeks 
applicanis for the position of 
Computer Programmer in Aurora. 
CO to, using FoxPro and C lan- 
guage under Unix and SQL 
Server databases, work on devel- 
opment projects and software 
enhancements for a software 
used by the auto recycling indus- 
try. Requirements for this position 
include a bachelor's degree in 
computer science or electronic 
engineering and 2 yrs. exp. as a 
programmer using FoxPro 2.6 
Requirements also include work- 
ing knowledge of Unix, Windows 
CE, SQL Server, Embedded 
Visual Basic 

under a Unix 
Respond by resume on 
Actual Systems of America 
14231 E. 4th Ave., #101, Aurora. 
CO 80011. No phone calls 


janguage 


Seeking qualified applic: 
following positions in Mi 

Senior MIS Ar 

leadership the analysis 
development and management 
databases and rep 

support customer sen 


either Sybase or Power- 
Builder also required. “Master's 
degree in appropriate field will offse’ 
2 years of general experience 
Submit resumes to Mike Feehan 
Federal Express Corpor 
Lamar Avenue, 3rd Floor, Memphis. 
TN 38118. EOE M/F/D/V 
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Igenesis delivers innovative IT 
solutions to business clients nation- 
wide. We have immediate fi 
opportunities for Software Engin 
eers & Programmers 


ull time 


We are seeking candidates with 
expenence in design, deveiopment 
mpiementation and maintenance 
of financial systems applications 
Manage & architect a solution that 
integrates the clients information 
systems using PowerBuilder, PFC 
PFC Tool, Web Datawindow, Pow 
erDynamo, Jaguar, Corner Stone. 
PowerDesigner, Java, UML Design 
Coldfusion avascripts, Him 
Clearcase, Crystal reports, RCS 
Communication, ¢ 
Sheli Scripting, SQL-Server and 
Oracle on a Unid/Windows operat- 
Ng system 


Control-M. Per! 


Require experience in preparing 
functional requirements, design 


specifications & generating reports 


Seeking dependable and Total 
Quality customer service oriented 
candidates for the positions. Re 
quire Bach Ss degree om 
puter Science, Engineering or relat- 
ed fieid is required + 3 yrs of expe- 
rience in the job offered or 3 yrs as 
a Software Developer. Job involves 
frequent traveling as required by 
the proje We offer excellent 
salary & efits package for 
nrsiwk. 8:06 5:00 pm. Se 
resume to: genesis 

Drive, Waukesha, W 


0b4 1903@igenesisoniine 


cecom 
LLC seeks a Sr 
Operations to direct 
integrated Ne 


Field O 


Messaging sy 
Channeliz 
SONET. 


salary 
HR Dire: 
arkway Suit 


orgia 30005 


IT Project Managers needed 
Seeking qual. candidates pos- 
sessing Bachelor's or equiv 
and/or rel. work exp. Part of the 
req. rel. exp. must include 3 yrs. 
managing IT p simultane- 


ously with softwa develop- 
ment. Exp. in scope « 
monitoring project fp 
developing status 
ferred. Knowledge of standard 


reports pre- 


management tools & 
techniques a plus. Must be will- 
ng to travel & relocate as req'd 
Fwd. resume & ref. to Cal2Cal 
Corp., Attn: HR, 4521 Campus 
Dr., PMB 335, Irvine, CA 92612 


PROGRAMMER ANALYST, JR 
Analyze, design, program, imple- 
ment, test & support advanced 
re applications utilizing C# 
Script, ASP 


cle, Java. 


ntemet-re 
sponsible for 

& integration of middieware 
COM+ components w/web appii- 
cation running under IIS. Req 
Bachelors in Comp. Sci.. MIS, or 
Engg (any field) plus 1 yr exp 
Contact: international Sy 
Technologies, Inc., 1812 
Street, Scotch Piains, NJ 0707! 





Concept Development and Secure 
Networking Engineer 


Pitney Bowes Inc. has an opening 
in its Shelton, Connecticut office for 
a Concept Development and Se 
ure Networking Engineer 


Responsible for concept develop 
ment through customer centered 
novation and research into the 
application of secure wireless net 
king technology to an office en 
snment with a focus on both 
and wireless networking pro 


Must possess at least a bachelor's 
ts equivalent in Computer Er 
eering or a related field, class- 

room training or experience with a 

focus on both wired and wireless 

networking protocols, including 

TCP/IP, SONET, ATM, and wireless 

protocols, including IEEE 802.11 

and Bluetooth, C++ development 

and data structure design, training 

n technical writing and public 

peak ‘esenting technical ma 
terial, training accounting and 

economics to support b 

modeling and concept 

and design and analysis of wireless 

network security, including partici 

dant authentication, end to end 

channel security, and location m 

agement in both ad-hoc and 

aged environments. 


Resume and/or cover letter must 
reflect each require 

specify reference code CDSNE o 
will be rejected 


Forward resume to Robbin Drew 
tt, Pitney Bowes Inc., One 
roft Road, Stamford, CT 


COMSYS is an established IT cor 
firm that serves leading co 
cluding 
With CC 
Additional 
nsation for referrals, and 
ofessional Challenges with train 
ing and assignments to keep you at 
the forefront of technology. With 
ffices, we need the services of 


experienced consultants across the 


ness Analysts 


Project Leaders 


mit resume tc 
COMSYS 
3030 LBJ Freeway 
Suite 905 
Dallas, TX 75234 
www. comsys.com 
Fax: 972-960-0914 


EQE/M/F/DV 


Software Eng'r: research, de 
sign & dev. software apps, us 
ing Clarify-CRM, First Choice 
UNIX, C/C++, JAVA, Oracle 
tools & tech. Analyze req't to 
determine design, time & cost 
constraints. Perform other rel 
duties. BS or equiv in CS, MIS 
or eng’g rel. 5 yrs. exp. or 5 yrs 
analysis/prog rel. FT.Req. travel 
Job site: Topeka, KS or may 
change to other unanticipated 
sites throughout US as req 
Send res to USMBS, 4780 
Walbern Court, Chantilly, VA 
20151. Legal rt to work in US 
must be stated 


Web Master 


Designs, develops and maintains 
large internevintranet systems for 
financial institution 


Must have B.S. in Computer Sci 
or equivalent, and two years 

experience in job offered. 40 

hrs/week, Mon-Fri, 8:00 am to 
0 pm 


Send resume to: Western Re- 
serve Life Assurance Company of 
Ohio, 570 Carillon Parkway, St 
Petersburg, Florida 33716, Attn 
Human Resources, Job C 
Lc1 


OE 


IT|careers 


Software Engineer: Customized 
software & Internet-based applica 
tion design in support of financial 
industry using specialized program: 
ming languages & design tools 
Java, Sql, Rational Rose, Enter- 
prise Java Beans); software analy- 
sis; develop customized & enter 
prised software using expertise in 
financial industry software applic 
tions (Enterprise Java Beans) 
application server-based global dis- 
tributed applications (Weblogic 
Iplanet); integrate client financial 
systems with newly-created prod 
ucts to make data accessible to 
mts on UNIX & Windows NT 
erating systems; test & deploy 
newly created enterprise financial 
solution products & provide support 
on third-party accounting tools 
hardware & software maintenance 
performance fine-tuning; modeling 
our clients’ businesses to load fixed 
income securities data into the data 
warehouse using database sys- 
tems (Oracle, Sybase, Enterprise 
Java Beans) & application servers 
(Weblogic, Ipianet). Must have 
Masters Degree in Engineering 
Electronics or Computer Science, 3 
yrs exp in job offered or 3 yrs é 
Software Engineer; plus proven 
knowledge in Object Oriented 
Software System modeling, design 
& development of Internet-based 
distributed enterprise business sys 
tem solutions. Full time; salary 
$95,000/yr. Overtime as needed 
Submit two (2) copies of resume to. 
>ase #200202581, Labor Ex- 
change Office, 19 Staniford St, 1st 
Fi., Boston MA 02114 


Manager - CRM (Customer Rela 
tionship Mgmt.. Job location: Con- 
shohocken, PA. Duties: Manage 
the design, set-up & implem. of 
CRM systems using Siebel soft- 
ware. Coord. resources to develop 
build, unit test, system test & rollout 
systems & meet delivery dates. 
Design & build interfaces for con- 
version from legacy systems to 
Siebel backend. Define arch. & top 
slogy of develop.. test, training & 

9d. environs. Train & coach con- 
sultants in div. Plan proj. timelines 
using MS Projec meet time 
budget & delivery schedules. Re: 
quires: M.S. in Comp. Sci., Eng. or 
a related field & 3 yrs. exp. in the 
job offered or 3 yrs. exp. as a Tech 
Mgr., Sr. Consultant or Analyst. Will 
accept B.S. & 5 yrs." prog. exp. in 
the comp. ind. Concurrent exp 
must incl. 2 yrs. exp. managing the 
design, set-up & implem. of CRM 
systems using Siebel software & 2 
yrs. exp. developing unit & system 
testing & performing rollout of sys 
tems. Send resume (no calls) to 
Diane Tuccito, Answerthink, Inc 
817 W. Peachtree St., Ste. 800. 
Atlanta, GA 30308 


SOFTWARE ENGINEER to design 
deveiop, test and maintain web- 
based and batch oriented applica 
tion software using Java, Siebel 
VB Script, Java Script, ASP and 
HTML under Windows and UNIX 
operating systems. Require: M.S 
degree in Computer Science, an 
Engineering discipline, or a closely 
related field with one year of expe 
rience in the job offered or as a 
Programmer/Analyst. Extensive 
travel on assignment to various cli 
ent sites within the U.S. is required 
Competitive salary offered. Send 
resume to: Murli N. Reddy, Charter 
Global, Inc., 5445 Triangle Park- 
way, Suite 190, Norcross, GA 
30092; Attn: Job SN 


PROGRAMMER/ANALYST to ana- 
yze, design, develop, test, imple 
ment and maintain GIS application 
software using FRAMME, Fieid 
View, Microstation, ODL, MDL 
Active FRAMME, Oracle, PL/SQL 
Visual Basic, Perl, Informix and 
ASP under UNIX and Windows NT 
operating systems. Require: B.S 
degree in Computer Science: 
Engineering, or a closely related 
field with 2 yrs. of exp. in the job 
offered. Extensive travel on assign: 
t to various client sites within 

2 U.S. is required. Competitive 
salary offered. Send resume to. 
Murli N. Reddy, Charter Global 
Inc., 5445 Triangle Pkwy., Ste. 190. 
Norcross, GA 30092; Attn: Job SB 


Project Engineer 


Pitney Bowes Inc. has an opening 
in its Shelton, Connecticut office for! 
a Project Engineer. 


Design test strategy documents, 
write test cases, hold test case 
reviews, execute test cases, log 
defects into the Clear Quest defect 
tracking tool, follow-up on the 
defects until resolution, hold defect 
review meetings, enter test results’ 
into the TRA tool and hold test 
results meetings. 


Must possess at least a bachelor's 
degree or its equivalent in Engin- 
eering, Computer Science or a 
related field and relevant work 
experience as a Test Engineer 
Product Development, including 
experience with unit, component. 
integration, functional, reliability, 
security, performance, stress and 
load testing, testing of Internet and 
Intranet applications, testing in a 
Windows environment using MTS. 
C++ and Visual Basic, test automa- 
tion, and System Test organization- 
al tools 


Resume and/or cover letter must 
reflect each requirement above and 
specify reference code PE/VP or it 
will be rejected. 


Forward resume to Robbin Drew 
Elliott, Pitney Bow Inc., One 
Elmcroft Road, Stamford, CT 
06926-0700 


Computer - Senior /T Specialist 
(Pittsburgh, PA and various loca- 
tions throughout the U.S.) Design 
develop, debug, test and deploy 
client applications; plan, imple- 
m analyze, performance-tune 
WebSphere application server 
installations and configuration, pro- 
vide technical guidance and sup- 
port, utilizing Java, Visual Age for 
Java and WebSphere Application 
Server. Requires a U.S. or Foreign 
Equivalent Bachelor's degree in 
Physics, Cornputer Science, or 
Management Information Systems 
and two years of experience in the 
job offered or two years of experi- 
ence as a Software Engineer. 
Systems Analyst, or Programmer. 
40 hrs/wk, 9am-6pm, $85,750.00. 
Reply to Job Order #WEB339016 
Site Director, Pittsburgh/Allegheny’ 
County CareerLink, ATTN: ES 
supervisor, 425 Sixth Avenue, Suite 
2200, Pittsburgh, PA 15219. 


Senior Systems Analyst to develop 
software applications using CO- 
BOL with SQL interface using SQL 
software. Develop new applications 
in COBOL/ICICS and VSAM/ISAM 
in a DOS/VSE environment. Up- 
grade current system from CMS to 
MVS. Convert VSAM/ISAM data 
files to DB2/UDB relational data- 
bases. Bachelor's degree (will also 
accept foreign degree equivalent) 
in Computer Science, Mathematics 
or related field required. Two years 
experience as Senior Systems 
Analyst or two years experience as 
Senior Systems Developer, Senior 
Programmer/Analyst or Senior 
Consultant required. One year ex 
perience using COBOL, SQL 
CICS, VSAM, MVS, VSE, and DB2 
required. All experience may be 
cumulative. 40 hours/wk, 8:00 a.m 
to 5:00 p.m., $70,00G/yr. Send 
resumes to P.O. Box 11170, Detroit 
Michigan, 48202. Reference No 
211363. Employer Paid Ad 


Looking for 
a new career? 
The new itcareers.com 
and CareerJournal.com 
combined jobs database 


can help you find one. 


Check us out at: 


www.itcareers.com 


ace bacrer eRereyee 


The World Of 
ork Is Changing 
Every Week. 


itcareers.com is now powered 


by CareerJournal.com! 


Search for jobs and post 


your resume here on 





Www.itcareers.com 


Computerworld + July 21, 2003 





www.computerworld.com 


AD INDEX 


COMPUTERWORLD July 21, 2003 51 





COMPUTERWORLD 
HEADQUARTERS 


500 Old Connecticut Path, P.O. Box 9171 
Framingham, MA 01701-9171 
Phone: (508) 879-0700 
Fax: (508) 875-4394 


PUBLISHER, PRESIDENT/CEO 
Bob Carrigan 
(508) 820-8100 


VICE PRESIDENT/CIO 
Rick Broughton 
(508) 620-7700 


VICE PRESIDENT/EDITOR IN CHIEF 
Maryfran Johnson 
(508) 820-8179 


EXECUTIVE VICE PRESIDENT/ 
STRATEGIC PROGRAMS 
Ronald L. Milton 
(508) 820-8661 
EXECUTIVE VICE PRESIDENT 
Matthew C. Smith 
(508) 820-8102 


VICE PRESIDENT/ 
NATIONAL ASSOCIATE PUBLISHER 
Matthew J. Sweeney 
(508) 271-7100 


CIRCULATION 
Circulation Coordinator/Diana Turco, (508) 820-8167 


PRODUCTION 
Vice President Production/Carolyn Medeiros; Production 
Manager/Beverly Wolff; PRINT DISPLAY ADVERTIS- 
ING: (508) 820-8232, Fax: (508) 879-0446; DISTRIBU- 
TION: Distribution Manager/Bob Wescott 


MARKETING 
Director of Marketing/Kelly Sheridan; Marketing Special 


COMPUTERWORLD SALES OFFICES 


VICE PRESIDENT/ 
NATIONAL ASSOCIATE PUBLISHER 
Matthew J. Sweeney 
(508) 271-7100 
Fax: (508) 270-3882 


SALES BUSINESS MANAGER 
Laureen Austermann 
(508) 820-8522 
Fax: (508) 270-3882 


ACCOUNT DIRECTOR: Jim Barrett (415) 978-3306; FIELD 
MARKETING ASSOCIATE: SaraJane Robinson-Retondo 


(415) 978-3304, 501 Second Street, Suite 114, San Francisco, CA 


94107 Fax: (415) 543-8010 


ACCOUNT DIRECTORS: Jim Barrett (415) 978-3306, Debbie 
Sorich (415) 978-3313; SALES OPERATIONS MANAGER: 
Emmie Hung (415) 978-3308; FIELD MARKETING ASSOCI- 


ATE: SaraJane Robinson-Retondo (415) 978-3304, 501 Second 


KEY ACCOUNTS 
VICE PRESIDENT: Linda Holbrook (415) 978-3307 
FIELD MARKETING ASSOCIATE: Elisa Phillips 
(415) 978-3309, 501 Second Street, Suite 114, San Francisco 
CA 94107, Fax: (415) 543-8010 


SS 


ACCOUNT DIRECTOR: Bill Hanck (949) 442-4006, Fax 
(949) 476-8724: SENIOR SALES ASSOCIATE: Jean Del- 
larobba (949) 442-4053, 18831 Von Karman Avenue, Suite 200. 
Irvine, CA 92612, Fax: (949) 476-8724 


ACCOUNT DIRECTOR: Laurie Marinone (508) 271-7108: 
FIELD MARKETING ASSOCIATE: Deborah Crimmings (508) 
271-7110, 500 Old Connecticut Path, Framingham, MA 01701, Fax 
(508) 270-3882 


DEMOmobile 2003 aerr 
www.idgconferences.com/M3ACW 
TE Sadcksscaavess 

www.emc.com 

Hewlett-Packard ESG .... 
www.hp.com 
Hewlett-Packard PSG Desktop ........ 
www.hp.com 

Hewlett-Packard White Paper 
www.hp.corm/go/preliantS5. 

IBM Lotus ........ eons ..- 45 
www.ibm.com 


II ono isdisecice cc cescecenad 2-3 
www.ibm.com 


IBM Websphere ............-. 


www.ibm.com 


Sapa NAR on sinc sive ccc cesicccccest 
www.enterpriseitweek.com 


OE aides siciee ons 
www.mci.com 


Microsoft Visual Studio.net . ... 
www.microsoft.com 


Microsoft Windows Server2003 


Softchoice ..... Y 
www.softchoice.com 


StorageTek .......... 
www.StorageTek.com 


Street, Suite 114, San Francisco, CA 94107, Fax: (415)-543-8010 
anUh eran 
Serallaa headed il ACCOUNT DIRECTOR: Peter Mayer (201) 587-7328: FIELD 


ACCOUNT DIRECTOR: Bill Hanck (949) 442-4006, Fax: (949) MARKETING ASSOCIATE: John Radzniak (201) 587-7347, 


ist/Keeley Guillerme; AUDIENCE AND MARKET RE- 


SEARCH: Director/Joanne Oteri Sun Microsystems 


www.sun.com 


STRATEGIC PROGRAMS AND EVENTS 
Vice President Strategic Initiatives/Leo Leger: Director 
Sales and Sponsorship Marketing/Ann Harris; Director 
Event Marketing and Conterence Programs/Derek Hulitzky: 
Manager Strategic Programs and Events/Michael Meleedy. 
Event Marketing Coordinator/Kate Davis; Customer Service 
Coordinator/Chris Leger; Events Operations Specialist, 
Lynn Mason; Conference Manager/Nanette Jurgelewicz: 
Event Program Coordinator/Pam Malingowski; Administra 
tive Coordinator/Shari Redan, 500 Old Connecticut Path 
Box 9171, Framingham, MA 01701-9171, (508) 879-0700, 
Fax: (508) 626-8524 


ONLINE ADVERTISING 
Director of Online Sales/Operations, Gregg Pinsky, (508) 
271-8013; Manager of Online Sales/Business Develop 
ment, Matt Duffy, (508) 820-8145; Online Sales Assistant 
Kathy Snow (508) 270-7112; 500 Old Connecticut Path 
Box 9171, Framingham, MA 01701-9171, Fax: (508) 270 
3882; Inside Sales/Account Associate, Norma Tamburrino, 
Mack - Cali lV, 61 South Paramus Rd., 3rd Fioor, Paramus 
NJ 07652, (201) 587-7314, Fax: (201) 712-9786 


CUSTOM PUBLISHING/ 
BUSINESS DEVELOPMENT 
Director, Business Development - Western Region/Bill 
Hanck (949) 442- 4006 


ITCAREERS ADVERTISING SALES OFFICES 
Director, Recruitment Advertising Sales/Nancy Percival, 
(800) 762-2977, Fax (508) 879-0184: Sales & Marketing 
Associate/Joanna Schumann, (508) 620-7757, 500 Old 
Connecticut Path, Framingham, MA 01701; EAST: Regional 
Manager/Deanne Holzer, (516) 487-2951; Account Execu- 
tive/Andrew Haney, (508) 620-7759; MIDWEST/ WEST: 
Regional Manager/Laura Wilkinson, (773) 529-7811; Ac- 
count Executive/Mark Dawson, (508) 620-7760. 


LIST RENTAL 
POSTAL: Rich Green, (508) 370-0832, e-mail: rgreen 
@idglist.com. E-MAIL: Christine Cahill, (508) 370-0808, 
e-mail: ccahill@idglist.com. MAILING ADDRESS: |DG 
List Services, P.O. Box 9151, Framingham, MA 01701-9151, 
Fax: (508) 370-0020 


476-8724; SENIOR SALES ASSOCIATE: Jean Dellarobba 
(949) 442-4053, 18831 Von Karman Avenue, Suite 200, Irvine, 
CA 92612, Fax: (949) 476-8724 


ACCOUNT DIRECTOR: Peter Mayer (201) 587-7328; FIELD 
MARKETING ASSOCIATE: John Ra 201) 587-7347, 
Mack - Cali IV, 61 South Paramus Rd. 3rd Floor, Paramus, NJ 
07652, (201) 587-0090, Fax: (201) 587-9255 


INTERNATIONAL 
DATA GROUP 


CHAIRMAN OF THE BOARD 
Patrick J. McGovern 


CEO 

Pat Kenealy 
COMPUTERWORLD is a business unit of IDG, the 
world's leading technology media, research and event 
company. IDG publishes more than 300 magazines 
and newspapers and offers online users the largest 
network of technology-specific sites around the world 
through IDG.net (www.idg.net), which compnses more 
than 330 targeted Web sites in 80 countries. IDG is 
also a leading producer of 168 computer-related events 
worldwide, and IDG's research company, 
IDC, provides global market intelligence and advice 
through 51 offices in 43 countries. Company informa- 
tion is available at www.idg.com. 


IDG 


Mack - Cali lV, 61 South Paramus Rd. 3rd Floor, Paramus, NJ 
07652, Fax: (201) 587-9255. (201) 587- 1289 


SSS Sst eS 


ACCOUNT DIRECTOR: Lisa Ladle-Wallace (904) 284-4972. 
5242 River Park Villas Dr., St. Augustine, FL 32092, Fax: (800) 
779-8622: FIELD MARKETING ASSOCIATE: Deborah Crim 
mings (508) 271-7110, 500 Old Connecticut Path, Framingham, 
MA 01701, (508) 879-0700, Fax: (508) 270-3882 


Sybase ............ 
www.sybase.com 


We chraceesescacecc.. 
www.veritas.com 


*Regional Select Edition 


Have a problem with your Computerworld subscription? 


We want to solve it to your complete satisfaction, and we want to do it fast 


Please 0: Computerworld, P.O. Box 3500, Northbrook, IL 60065-3500. 


Your magazine subscription label is a valuable source of informa 
attaching your magazine label here, or copy your name, address, an 


label. Send this along with your correspondence. 


ADDRESS CHANGES OR OTHER CHANGES TO YOUR SUBSCRIPTION 


YOUR NEW ADDRESS GOES HERE: 


NAME 
TITLE 
ADDRESS 


CITY 


OTHER QUESTIONS AND PROBLEMS 


Itis better to write us concerning your problem and include the magaz 
are handled more efficiently by mail. However, should you need to r 


us quickly, the follow 


number is available: (888) 559-7327 Outside U.S. call (847) 559-7322. 


Internet address: cw@omeda.com 


COMPUTERWORLD allows advertisers and other companies to use its mailing ltst for selected offers we fee! would be 
of interest to you. We screen these offers carefully. If you do nat want to remain on the promotion list plesse write te the fot 
COMPUTERWORLD, Circulation Department, 500 Old Connecticut Path, Framingham, MA OT701. 


lowing address - 


ADDRESS 





www.computerworld.com 


RESOURCES 


COMPUTERWORLD July 21, 2003 


Keeley Guillerme, marketing specialist 
Peter Smith, Web development manager 
Kevin Gerich, Mark Savery, Web developers 
Bill Rigby, associate Web developer 

Matthew Moving, graphic 


How to Contact 


OMPUTERWORLD 


We invite readers to call or write with their comments 
and ideas. It is best to submit ideas to one of the department 
editors and the appropriate beat reporter. 


GENERAL INFORMATION 


TELEPHONE/FAX 
All editors unless otherwise noted below 


RESEARCH 24-hour news tip line. . . (508) 620-7716 


E-MAIL 


Our Web address is 
www. 


damie Eckle, man (508) 820-8202 Staff members’ e-mail follows this form: 


| Michele Lee DeFilippo, nt a 
managing editor/production (508) 820-8126 For IDG News Service correspondents: 
firstname _lastname@idg.com. 


Bob Rawson, Monica Sambataro, senior ( 


COPY DESK 
ditor/productior 
703) 321-2277 


Maryfran Johnson, editor in chief | critical-infrastructure security; travel 
(508) 820-8179 Jaikumar Vijayan, corporate security/privacy issue 


0. (630) 978-8390 y editors 


DEPARTMENT EDITORS 


Don Tennant, New: 

Craig Stedman, 

Mitch Betts, Feat 

Tommy Peterson, Technolo 

Jean Consilvio, assistant Management editor 


REPORTERS 


g/wireless; intel PC: 


Matt Hamblen, networking; networ 


Thomas Hoffman, ini 


Patrick Thibodeau, 
Dan Verton, federal/state g: 


30 2-8243 
508) 620-7729 
508) 820-8562 


| Ellen Fanning, 
| Robert L. Mitchell, 
Mark Hall, edit 


505) 425-3551 
508) 820-8567 
Julia King, nation 


'845) 988-963¢ 


508) 820-8215 





508) 628-4734 


| Sharon Machlis, mz 


Ken Mingis, online new 


| Marian Prokop, online 


| David Ramel, e-mail ne 


| Brian Sullivan, onlir 
| John R. Brilion, 
| David Waugh, ass 


Patricia Keefe, editor at large, opinions editor 
| Frank Hayes, senior news columnist 


Gary H. Anthes, nation 


(717) 560-5255 


OPINIONS 
508) 820-8183 


FEATURES 
508) 820-8204 
508) 820-8177 
503) 391-1158 
(703) 536-9233 
610) 532-7599 


COMPUTERWORLD.COM 
| Tom Monahan, online d 


508) 820-8218 
508) 820-8231 
(508) 820-8545 


(508) 620-7717 





Eugene Dematltre, Mike Parent, copy editors 


GRAPHIC DESIGN 


Stephanie Faucher, design director 


April O’Connor, assc 
Julie Quinn, grap 
Susan Cahill, grapt 


John Klossner, cartoonist 


ADMINISTRATIVE SUPPORT 
| Linda Gorgone, office manager 
| Cheryl Dudek, ac: 


CONTRIBUTING 
COLUMNISTS 


John Berry, Pimm Fox, 


Michael Gartenberg, Dan Gillmor, 
Thornton A. May, David Moschella, 
Bart Perkins, Nicholas Petreley, Paul A. Strassmann 


CONTRIBUTING 
WRITERS 


Mary Brandel, Amy Helen Johnson, Russell Kay, 
Sami Lais, Kathleen Melymuka 


ate art director 


(508) 820-8235 


(508) 820-8176 
(508) 820- 8178 


Contact... 





LETTERS TO THE EDITOR 


Letters to the editor are welcome 
and should be sent to: 


letters@computerworld.com. 
Include your address and telephone number. 
MAIL ADDRESS 
PO Box 9171, 500 Old Connecticut Path, 
Framingham, Mass. 01701 


SUBSCRIPTIONS/BACK ISSUES 


Subscription rates: U.S., $99.99/year; Canada, 
all others, $295/year 


REPRINTS/PERMISSIONS 


Renee Wywadis 


Visit www-.reprintbuyer.com to obtain quotes 
and order reprints online. 





COMPANIES IN THIS ISSUE 


Page number refers to page on which story begins. Company names can also be 


searched at www. .com. 


SHORE ING... 22 52005....5.58 
AAA MICHIGAN .. ke 1 
ABERDEEN GROUP INC......6 
ACCENTURE LTD. ........8,32 
ACTIONAL CORP.............8 
ADOBE SYSTEMS INC.. ac 
ADVANCED MICRO 

DEVICES INC...............33 
ADVANCED PROFESSIONAL 
ENGINEERING PC..........39 
ALLMERICA 

FINANCIAL CORP. . . . 
AMERICA ONLINE INC. 
AMERICAN SOCIETY FOR 
INDUSTRIAL SECURITY 
INTERNATIONAL INC. ....... 
AMERISURE 

INSURANCE CO 

Pag nee eae ccs 30 
ASSETMETRIX 

RESEARCH LABS 

AXA GROUP 

AXA TECHNOLOGY 

SERVICES. 

BEA SYSTEMS INC. 
BELLSOUTH CORP. 
BENCHMARK 

DATA CORP... inctec sensed 
BEST WESTERN 
INTERNATIONAL INC. 
BLUEFIRE SECURITY 
TECHNOLOGIES 





BOEHRINGER INGELHEIM 
GMBH ... eeda Ghasi vine eae 
BRIGHTMAIL INC. .... - 36 
BROADCOM CORP.........23 
BROCADE COMMUNICATION 
SYSTEMS INC 

CALDWELL 

INDUSTRIES INC......... 
CISCO SYSTEMS INC 
CO-OPERATORS 

LIFE INSURANCE CO..... 
COGNOS INC............. 6,30 
COLORADO SPRINGS 
SCHOOL DISTRICT 
COMPUTER ASSOCIATES 
INTERNATIONAL INC. 
COMPUWARE CORP. 
CONCORD 
COMMUNICATIONS INC.. ... . 
CONSUMERS ENERGY 
CORPORATE 

EXPRESS INC......... Ale he 
CUTTER CONSORTIUM. . . 
DECRU INC. 

DEFENSE ADVANCED 
RESEARCH PROJECTS 





DELL COMPUTER 


DOW JONES & CO... 
EBAY INC 


EMC CORP. se 

ENCOMPASS. ......... eee 

ERNST & YOUNG 

INTERNATIONAL . . en 

EVALUATOR 

GROUP INC. . > 31 

FEDERATION OF AMERICAN 

SCIENTISTS. . ‘ vl 

FEDEX COMP... 50525256505 8 

FLORIDA POWER & 

IEE Diass nas vi css ned eecamen 

FORRESTER 

RESEARCH INC. .............7 

GARTNER INC. .. . 37 

GIGA INFORMATION 

GROUP INC. 39 

GOOD HARBOR 

CONSULTING LLC............1 

GUARDENT INC, .............1 

HEWLETT-PACKARD CO. . . 1,8, 

«+++ 14,23,40 
.. 30 


|-MANY INC ‘ 
.-1,6,7,9,23,44 


IBM ..... 
ie ances ics ak 
INFONETICS 
RESEARCH INC. 


INQUEST MARKE 


INSIGHT 64 

INTEL CORP. . 1,6,8,14,23,32,33 
INTERNET SECURITY 
SYSTEMS INC. 

J.D. EDWARDS & CO. 

JANUS RISK 

MANAGEMENT INC..........13 
NE a8's och. 6-0 pinn es sus 8 
KASTEN CHASE APPLIED 
RESEARCH LTD. 





LANCOPE INC....... 
LEGATO SYSTEMS INC. 
LEVERAGE 

PARTNERS INC............. 
LOGAN INTERNATIONAL 
AIRPORT ....... 

LOTUS 

SOFTWARE GROUP ........ 
MANUGISTICS INC......... 
MASSACHUSETTS PORT 
AUTHORITY 

MASTERCARD 
INTERNATIONAL INC 
MCKINSEY & CO...........- 
MICROSOFT CORP........1, 


MITSUBISHI MOTOR 

SALES OF AMERICA INC. .. . 37 
MOHEGAN SUN CASINO . . 7,18 
MOTOROLAINC.............16 
DEY Sain diay as asndins gies «cae 
NATIONAL CENTER FOR 
SUPERCOMPUTING 
APPLICATIONS 

NATIONAL ECONOMIC 


NEOSCALE SYSTEMS INC. . . 31 
NETSCOUT SYSTEMS INC. .. 18 
WOT OO ace tvty bene a 
NETWORK 

ASSOCIATES INC 

NEW ERA CAP CO. 

NEW YORK CITY DEPARTMENT 
OF BUILDINGS .......... ..39 
O'REILLY & 

ASSOCIATES INC 

OCWEN FINANCIAL CORP... .6 
OCWEN TECHNOLOGY 
PRR Ase wcciecnie ness 6 





OFFICE OF MANAGEMENT 

cise chin a: yan PEE Eee. 
OFFICE OF SCIENCE AND 
TECHNOLOGY POLICY 

OPEN SOURCE APPLICATIONS 
FOUNDATION 

OPENWAVE SYSTEMS INC, ..8 
ORACLE CORP. .........1,6,13, 
ORBITZ LLC..............6,44 
OTIS SPUNKMEYVER INC. ... 23 
PCI-SIG.. 

PEOPLESOFT INC... . 6,8,37, 
PRESIDENT'S CRITICAL 
INFRASTRUCTURE 
PROTECTION BOARD 
PRICEWATERHOUSECOOPERS .7 
PROVIDENCE HEALTH 


PTAK & ASSOCIATES INC... ..9 
PUBLIC BROADCASTING 


RAYMOND JAMES 
FINANCIAL INC. 

RED HAT INC.............. 7 
ROYAL CARIBBEAN 
CRUISES LTD. 


SCIENCE APPLICATIONS 
INTERNATIONAL CORP...... 37 
SCIENTECH INC. 
SERVERWORKS INC.. . 

SMC NETWORKS INC. . 


SOPHOS PLC 

SSA GLOBAL 

TECHNOLOGIES INC. 

SUN MICROSYSTEMS INC. . 1,6, 
Siumksneneanaekeienuos 7,21,44 


SUSE LINUXAG ........... 
SYBASE INC. 
TANDBERG......... 

TERRA LYCOS SA 

THE CONFERENCE 

BOARD INC. ............. .20 
THE ENTERPRISE STORAGE 
GROUP INC. 

THE SPIRE GROUP 

TIVOLI SOFTWARE ......... 
TOWERGROUP .......... -40 
U.S. DEPARTMENT OF 
HOMELAND SECURITY ... 1,20 
UNIVERSITY OF ARKANSAS 
FOR MEDICAL SCIENCES. ... 14 
UNIVERSITY OF ILLINOIS AT 
URBANA-CHAMPAIGN 
UNIVERSITY OF NEW 

SOUTH WALES 

URBAN INSTITUTE . 

VOLVO FINANCE NORTH 
AMERICA INC. 

VORMETRIC INC. ........... 
WAINHOUSE RESEARCH 
WASHINGTON FEDERAL 
SAVINGS AND LOAN 
ASSOCIATION 

WASHINGTON UNIVERSITY 

IN ST. LOUIS. 

WAVE THREE 

SOFTWARE INC. . . 
WEBWASHER AG. . 

WELLS FARGO & CO. 
WILBERT INC. 

WITF INC 

WORLD HEART CORP........ 8 
ZOHO COIR oss acces 44 





www.computerworld.com 


NEWS 


COMPUTERWORLD July 21,2003 Jd 





RNATIONAL, NEW YORK 


Continued from page 1 
IT Security 


ty spending,” said Mark Doll, 
the Americas director of New 
York-based Ernst & Young’s 
Security Services division, in a 
prepared statement. “It looks 
like we need to find a credible 
alternative to conventional 
ROI approaches in order to se- 
cure funds for the information 
security function.” 


High Priority 

Not surprisingly, 90% of the 
organizations surveyed said 
that IT security is of high im- 
portance to them, with 78% 
identifying risk reduction as 
the top factor influencing se- 
curity spending. 

Even so, information securi- 
ty managers are having a hard 
time explaining the impor- 
tance of IT security in relation 
to overall business needs, the 
survey showed. “There’s a 
clear disconnect between 
what organizations define as a 
major business objective — 
protecting their information 
resources — and where they 
allocate funding,” Doll said. 

The survey’s results, espe- 
cially those related to ROI, 
aren’t surprising, users said. 

“Showing ROI on security is 
an interesting problem,” said 
Jonathan Squire, security tech- 


Leading Barriers 





nical architect at Dow Jones & | 
Co. in Princeton, NJ. “For the | 
most part, if we are doing our | 
job well, you don’t notice us. 
Security is not generally a 

profit center, so from a dollar 
perspective, it is very hard to 
justify spending.” 

Security and IT managers 
also lack the experience, train- 
ing and vocabulary to effec- 
tively articulate a business 
case for security funding, said 
Dennis Treece, director of 
corporate security at the 
Massachusetts Port Authority 
(Massport) in Boston. As one 
of the executives in charge of 
securing Boston’s Logan Inter- 
national Airport, three sea- 
ports and a major toll bridge, 
Treece oversees both physical 
and IT security for Massport. 

“IT people come from a cul- 
ture that sees security as just 
another point of failure in 
their networks, another way to 
decrease network speed and 
performance,” Treece said. “IT 
people who get made IT secu- 
rity people are too culturally 
attuned to the network’s prob- 
lems and don’t press the case 
for security strongly enough.” 

Compounding the problem 
is the fact that security metrics 
in many ways are inherently 
hard to collect, Treece said. 
For instance, “how do you col- 
lect the number of events that 
did not happen because your 
guards were awake?” 


Business Disconnect 
The fact that just 51% of those 
surveyed said their IT security 
spending was either complete- 
ly or closely aligned with busi- 
ness needs illustrates another 
problem. And more than 34% 
of organizations rated them- 
selves as less than adequate 
in their ability to determine 
whether their systems are cur- 
rently under attack, while 
more than 33% said their abili- 
ty to respond to incidents was 
inadequate. | 
Doll said many executives | 
focus on well-publicized secu- 
rity issues such as viruses and | 
malicious hackers, when they | 


Security is not 
generally a 
profit center, so from 


a dollar perspective, 
it is very hard to jus- 


tify spending. 
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should be looking into less ob- 
vious threats such as disgrun- 
tled employees, network links 
to partners with untrustwor- 
thy systems, hardware thefts 
and nonsecure wireless access 
by employees. 

“These factors can not only 
cause serious information se- 
curity damage, but also se- 


verely damage a company’s 
reputation,” he said. 

The bulk of security spend- 
ing at most companies contin- 
ues to be on technology prod- 
ucts, with far less attention be- 
ing paid to employee aware- 
ness and training issues, the 
survey revealed. Only 29% of 
those surveyed listed employee 
awareness and training as a top 
area of IT security spending. 

But funding for any security 
project is especially hard to 
secure in a depressed econo- 
my, said Carl Cammarata, 
chief information security of- 
ficer at automobile association 
AAA Michigan in Dearborn. 

“There is a continuing focus 


| to maintain baseline costs. If a 


choice has to be made be- 
tween adding new business 


functionality or spending 
money on something that’s 
less tangible, like security, the 
money always goes to adding 
business functionality,” Cam- 
marata said. The trick is to 
“express risk in tangible 
terms” by showing what a lack 
of security could do to a core 
business system, he said. 

The “2003 Ernst & Young 
Global Information Security 
Survey” was conducted over a 
two-month period earlier this 
year, gleaning responses from 
more than 1,400 organizations 
in 66 countries. D 
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Tru64 


competitive officer, said he be- 
lieves that many of the Alpha 
and Tru64 users will “feel 
abandoned” and dissatisfied 
with the option of ultimately 
moving to Itanium. 

Sun is focusing on growing 
revenue, said Singer, and HP 
“just kind of left the door wide 
open.” 

IBM is also keen to attract 
some of these users. The com- 
pany doesn’t have a specific 
incentive program unique to 
Alpha and Tru64 users, but it 
does have programs that 
would help them, such as 
server consolidation studies, 
said Jeff Benck, director of 
product marketing at IBM’s 
Systems Group. 

One goal of the HP competi- 
tors will be to convince Alpha 
and Tru64 users that IBM’s 
AIX version of Unix and Sun’s 
Solaris are an easier transition 
than HP-UX. 

Dan Marmion, CIO at hard- 
ware maker New Era Cap Co. 
in Derby, N-Y., runs Alpha and 
Tru64 and said he looked at 
converting to Sun two years 
ago. Although the hardware 





was less expensive, the con- 
version costs were high. 
Marmion said he would be 
willing to hear Sun’s new 
pitch, although so far he’s 


| 
| comfortable with HP’s migra- 


tion strategy to move Tru64 
users to HP-UX, even though 
he may lose some features. 
Some of the consultants Best 
Western brought in to evaluate 
its options were from IBM, and 
they said the company would- 
n’t have any problems moving 
its Oracle applications to any 
platform, including IBM. 
Skaare said he liked the IBM 
pSeries servers, but “HP was 
able to bring together the best 
overall deal for us.” That pack- 
age provided professional ser- 
vices and ongoing mainte- 
nance and still met the hotel’s 


Do | think this 

is a great time 
to jump to the other 
platforms? | would- 
n't say so yet. | don’t 
foresee Itanium as 
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budget goals, he said. 

Skaare said he is seeing a lot 
of interest from vendors in 
customers like himself. “If 
there isn’t already a battle out 
there to win those people, 
there should be,” he said. 

Jim Becker, a board member 
of the Chicago-based HP user 


group Encompass and lead 


systems engineer at Washing- 
ton think tank the Urban Insti- 
tute and an Alpha and Open- 
VMS user, said he sees no rea- 
son yet to get off that platform. 

“Do I think this is a great 
time to jump to the other plat- 
forms? I wouldn'’t say so yet,” 
he said. “I don’t foresee Itani- 
um as an also-ran platform.” 

HP is planning Alpha up- 
grades through 2005. It also 
has plans for two more releas- 
es of Tru64 and will support it 
through 2011. 

In response to Sun’s pro- 


gram, HP officials said the bat- 


tle for customers cuts two 
ways. The company has com- 
prehensive and coordinated 
companywide programs “to 


| aggressively pursue and mi- 


grate customers from Sun and 
IBM systems to HP systems,” 
said Mark Hudson, HP’s vice 
president of marketing for en- 
terprise storage and servers. D 
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The Idea Game 


OW SLOW is the business-news business these days? 
So slow that The Wall Street Journal’s online edition is 
working on a story about companies that have devel- 
oped grammar policies for e-mail. That’s right: At a 
time when you’d expect everyone to be laser-focused 
on keeping costs down and maximizing productivity, some execu- 
tives are fretting about whether the verbs are conjugated correctly in 
employees’ e-mail — and the Journal wants to write about them. 
Finished laughing? Good. Now what are you going to do when 
your CEO decides he wants to implement an e-grammar policy, too? 


Sure, it sounds a little silly. But hey, times are 
tough. Every company needs any edge it can 
get. And if a grammatically correct e-mail mes- 
sage impresses a prospect just enough to tip the 
competitive scales in your company’s favor, it 
may be worth a shot. 

And why would your CEO come to IT about 
this? Because it’s a lot cheaper and easier to 
bolt a grammar checker onto your e-mail sys- 
tem than to send every employee to remedial 
grammar classes. At least that’s what your CEO 
is going to think. 

Your CEO is also going to think that you can 
come up with some cost-effective ways to do it. 
And that you can make it happen fast. And that 
the result will improve even his messages. 

So, what should you do? That depends — but 
don’t just treat this idea like one of those in- 
flight inspirations. 

You remember them. Back when you still had 
a full staff and budget, your CEO used to return 
from business trips with loopy IT ideas that 
came from airline in-flight magazines. Usually 
they sounded very interesting — but were com- 
pletely impractical or inappropriate for what 
your company was doing with IT. 

And usually you could either talk 
him out of it or just let the idea die 
from lack of action. In-flight inspi- 
ration tended to have a pretty short 
life span. 

As time went by, you got less of 
that. Maybe you didn’t notice, but 
somewhere during the Internet 
frenzy, your CEO got a little more 
tech-literate, so those loopy in-flight 
ideas stopped sounding so good. 

And sometime after the economy 

started sinking, the idea of burning 
budget dollars based on something 
torn from a giveaway airline maga- 





zine stopped seeming so smart. 

So why would your CEO start bringing in 
ideas again? First: They won’t be coming from 
airline magazines. They'll come from business 
newspapers and magazines. These are sources 
your CEO trusts for business information. He’ll 
trust their IT suggestions, too. 

Second: Your CEO may now believe he can’t 
afford not to be involved in IT. Sarbanes-Oxley 
and security and lots of other hot-button busi- 
ness issues depend on IT today. But so do little 
tweaks that could give your company that tiny 
bit of competitive edge. He doesn’t want to 
miss those opportunities. 

And you shouldn’t miss those opportunities 
either. Don’t dismiss your CEO’s new sugges- 
tions like so many in-flight inspirations. He be- 
lieves IT matters. Leverage that belief. 

Get back to him fast with real analysis and 
real options. Don’t encourage bad ideas, but 
nudge not-so-bad ideas in the right direction. 
Warn him of what they would cost in budget 
and delays to other projects — which, not inci- 
dentally, will give those projects high-level visi- 
bility. Point out the limits of the technology — 
and demonstrate that you value the human ele- 

ment in business. 

And even if an idea sounds a 
little silly to you, remember that 
those silly little ideas can pay off 
big for you. This is a chance to 
make your IT department look 
smart, responsive and business- 
savvy in front of the guy who can 
decide either to invest in your shop 
or outsource a big chunk of it. 

So stop laughing. Take it serious- 
ly. It might be a good idea. But even 
if the business doesn’t get any real 
advantage from it, that’s no reason 
you shouldn't. B 
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